About This Guide 


This guide describes how to install, upgrade, and update Novell Open Enterprise Server (OES) 2015 
SP1. Except where specifically stated, the content of this guide applies to installing OES on a 
computer’s physical hardware rather than on a Xen virtual machine host server. 

+ Chapter 1, “What’s New or Changed in the OES Install” 
+ Chapter 2, “Preparing to Install OES 2015 SP1” 
+ Chapter 3, “Installing OES 2015 SP1 as a New Installation” 
+ Chapter 5, “Upgrading to OES 2015 SP1” 
Audience 


This guide is intended for system administrators. 


Feedback 


We want to hear your comments and suggestions about this guide and the other documentation 
included with Novell OES. Please use the User Comment feature at the bottom of each page of the 
OES online documentation. 


Documentation Updates 


The latest version of the OES 2015 SP1: Installation Guide is available at the Open Enterprise 
Server 2015 SP1 documentation website. 
Additional Documentation 


For more information about: Planning and implementing OES 2015 SP1 
See: OES 2015 SP1: Planning and Implementation Guide 

For more information about: Migration from and coexistence with other products 
See: “Different Migration Tools” in the OES 2015 SP1: Migration Tool Administration Guide 

For more information about: Installing OES 2015 SP1 on a Xen Virtual Host Server 
See: Chapter 11, “Installing, Upgrading, or Updating OES on a VM,” on page 203 

For more information about: SLES 11 SP3 Deployment details 
See: SUSE LINUX Enterprise Server 11 SP3 Deployment Guide (https://www.suse.com/documentation/sles11/book_sle_deployment/data/book_sle_deployment.html) 

For more information about: SLES 11 SP3 Administration details 
See: SUSE LINUX Enterprise Server 11 SP3 Administration Guide (https://www.suse.com/documentation/sles11/book_sle_admin/data/book_sle_admin.html) 


What’s New or Changed in the OES Install 


This section describes enhancements to the installation program for Open Enterprise Server (OES): 

+ Section 1.1, “What’s New (Update 28-OES 2015 SP1)” 
+ Section 1.2, “What’s New (OES 2015 SP1)” 
+ Section 1.3, “What’s New (January 2016 eDirectory 8.8 SP8 Patch 6 Hot Patch 1)” 
+ Section 1.4, “What’s New (OES 2015)” 


1.1 What’s New (Update 28-OES 2015 SP1) 


When you apply OES 2015 SP1 Update 28, it is highly recommended that you also apply the SLES 11 
SP4 (31st May, 2018) updates to get the optimized Spectre and Meltdown fixes. If the SLES updates 
are not applied, the performance of the OES server might be affected. 


1.2 What’s New (OES 2015 SP1) 


This section describes enhancements to the installation program for Open Enterprise Server (OES) 
2015 SP1. 


+ “Upgrading to OES 2015 SP1” 
+ “Multi-Forest Support for AD Users” 


Upgrading to OES 2015 SP1 


+ Upgrade from OES 11 SP2 to OES 2015 SP1: Channel upgrade allows you to upgrade from 
OES 11 SP2 to OES 2015 SP1 by using the zypper command. For more information, see “Channel 
Upgrade from OES 11 SP2 to OES 2015 SP1” in the OES 2015 SP1: Installation Guide. 


+ Upgrade from OES 11 SP3 to OES 2015 SP1: By using the zypper command, you can now manually 
upgrade from OES 11 SP3 to OES 2015 SP1. For more information, see “Channel Upgrade from 
OES 11 SP3 to OES 2015 SP1 Using Zypper” in the OES 2015 SP1: Installation Guide. 


Multi-Forest Support for AD Users 


Multi-forest support allows Active Directory users to access NSS resources when they belong to AD 
forests that have a bi-directional trust with the OES-joined forest, or to AD domains that have a 
bi-directional external trust with the OES-joined forest. 


Forest trust (bi-directional) must be in place and active between the trusting forest and trusted 
forest(s). For more information about NIT, see NIT (Novell Identity Translator) in the OES 2015 SP1: 
NSS AD Administration Guide. 


The following OES components support the multi-forest changes for AD users: 


+ Novell Storage Services (NSS) 
+ Common Internet File System (CIFS) 
+ Distributed File Services (DFS) 
+ Dynamic Storage Technology (DST) 
+ Migration Tool 
+ Novell Identity Translator (NIT) 
+ Storage Management Services (SMS) 
+ OES File Access Rights Management (NFARM) 
+ OES User Rights Management (NURM) 
+ NSS Auditing Client Logger (VLOG) 
+ NSS Utilities (rights, nssquota, nsschown, and metamig) 


1.3 What’s New (January 2016 eDirectory 8.8 SP8 Patch 6 Hot Patch 1) 


Major browser vendors are taking steps to phase out SHA-1 signed certificates. OES certificates 
signed with SHA-1 should be replaced with certificates signed with SHA-2 to avoid warning messages 
being displayed in browsers. This hot patch contains bug fixes that enable the servers to easily 
switch to SHA-2 signed certificates. 
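
A check for the SHA-1 condition described above, as an added example that is not part of the Novell guide: it classifies a certificate's signature algorithm from the text that `openssl x509 -noout -text` prints. The function names and the sample excerpts are constructed for illustration; pass your own PEM certificate paths as arguments.

```shell
#!/bin/sh
# Added example (not from the OES guide): flag certificates whose signature
# still uses SHA-1 so that they can be replaced with SHA-2 signed ones.

# sig_alg: read `openssl x509 -noout -text` output on stdin and print the
# first "Signature Algorithm:" value (the field appears twice in a dump).
sig_alg() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*\([^[:space:]]*\).*/\1/p' |
        sed -n '1p'
}

# classify_sig_alg NAME: map an algorithm name to sha1, sha2, other or unknown.
# RSASSA-PSS prints its hash on a later line, so it is reported as "other".
classify_sig_alg() {
    ca_name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$ca_name" in
        "")                                  echo "unknown" ;;
        *sha1*)                              echo "sha1" ;;
        *sha224*|*sha256*|*sha384*|*sha512*) echo "sha2" ;;
        *)                                   echo "other" ;;
    esac
}

# cert_verdict: stdin is an openssl text dump; prints "<verdict> <algorithm>".
cert_verdict() {
    cv_alg=$(sig_alg)
    echo "$(classify_sig_alg "$cv_alg") ${cv_alg:-none}"
}

# check_cert_files FILE...: run the check on PEM certificate files.
# Returns 1 if any file is not SHA-2 signed or could not be parsed.
check_cert_files() {
    ccf_rc=0
    for ccf_file in "$@"; do
        ccf_out=$(openssl x509 -in "$ccf_file" -noout -text 2>/dev/null | cert_verdict)
        echo "$ccf_file: $ccf_out"
        case "$ccf_out" in
            sha2\ *) ;;
            *) ccf_rc=1 ;;
        esac
    done
    return $ccf_rc
}

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
SAMPLE_SHA1='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: OU=Organization CA, O=EXAMPLE-TREE
    Signature Algorithm: sha1WithRSAEncryption'
SAMPLE_SHA2='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=Organization CA, O=EXAMPLE-TREE
    Signature Algorithm: sha256WithRSAEncryption'

if [ "$#" -gt 0 ]; then
    check_cert_files "$@"
else
    printf '%s\n' "$SAMPLE_SHA1" | cert_verdict
    printf '%s\n' "$SAMPLE_SHA2" | cert_verdict
fi
```

Run without arguments, the script only classifies the two constructed excerpts; with file arguments it exits non-zero if any certificate is not SHA-2 signed.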


1.4 What’s New (OES 2015) 


This section describes enhancements to the installation program for Novell Open Enterprise Server 
(OES) 2015. 


+ “NSS AD Support” 
+ “DNS Name Support for Installing and Configuring OES” 
+ “A Synchronization Perl Script to Ensure Successful Upgrades to OES 2015” 


Increase in RAM Memory Size 


To install OES 2015 or later, the minimum RAM required is 2 GB. For more information, see 
Server Hardware Requirements. 


The NSS file system, directory service (eDirectory), and file access protocols require additional 
memory to ensure better I/O performance. For more information on how NSS uses memory, see 
“Understanding How NSS Uses Cache” in the OES 2015 SP1: NSS File System Administration Guide 
for Linux. 


NSS AD Support 


Installing: Beginning with OES 2015, the Novell Storage Services AD (NSS AD) Support service can 
be installed and configured using the YaST installation. 


Upgrading: When upgrading a server to OES 2015, adding NSS AD support is a post-upgrade 
activity. 




Management Utility Availability: When you select the Novell Storage Services AD Support pattern, 
the following utilities are made available through the server’s welcome pages: 


+ Novell User Rights Map (NURM) 
+ Novell File Access Rights Management (NFARM) 


For more information, see “Installing and Configuring NSS Active Directory Support” in the OES 2015 
SP1: Installation Guide. 


DNS Name Support for Installing and Configuring OES 


Beginning with OES 2015, you can use DNS host names in addition to using IP addresses when 
installing and configuring OES services. 


If a short DNS host name is used while connecting to an existing tree, ensure that you create a server 
certificate with the short DNS host name. If the server certificate is not created with short DNS host 
names, all LDAP-related operations will fail. 


For more information on creating the server certificate, see “Server Certificate Object Tasks” in the 
NetIQ Certificate Server Administration Guide. 


A Synchronization Perl Script to Ensure Successful Upgrades to OES 2015 


OES upgrade operations use the configuration information in /etc/sysconfig/novell. If you modify 
an OES service outside of YaST, the configuration information gets out of sync. In past OES releases, 
this caused problems for administrators performing upgrades. 


OES 2015 includes a new upgrade script (oes_upgrade_check.pl) for synchronizing individual OES 
service configuration information with /etc/sysconfig/novell. 


For more information, see “Synchronizing the OES Configuration Information before Starting an 
Upgrade” in the OES 2015 SP1: Installation Guide. 
Preparing to Install OES 2015 SP1 


In preparation for the installation, perform the tasks and understand the information in the following 
sections: 


+ Section 2.1, “Before You Install” 
+ Section 2.2, “Meeting All Server Software and Hardware Requirements” 
+ Section 2.3, “NetIQ eDirectory Rights Needed for Installing OES” 
+ Section 2.4, “Installing and Configuring OES as a Subcontainer Administrator” 
+ Section 2.5, “Preparing eDirectory for OES 2015 SP1” 
+ Section 2.6, “Deciding What Patterns to Install” 
+ Section 2.7, “Obtaining OES 2015 SP1 Software” 
+ Section 2.8, “Preparing Physical Media for a New Server Installation or an Upgrade” 
+ Section 2.9, “Setting Up a Network Installation Source” 
+ Section 2.10, “Always Install OES as an Add-On Product” 
+ Section 2.11, “Install Only One Server at a Time” 
+ Section 2.12, “What's Next” 


2.1 Before You Install 


Before you install Novell Open Enterprise Server 2015 (OES 2015 SP1), review the following 
information: 


+ “Planning Your OES 2015 SP1 Implementation” in the OES 2015 SP1: Planning and 
Implementation Guide 
+ “Before You Install” in the OES 2015 SP1: Readme 


2.2 Meeting All Server Software and Hardware Requirements 


Before installing OES 2015 SP1, ensure that your system meets the following requirements: 


+ Section 2.2.1, “Server Software” 
+ Section 2.2.2, “Server Hardware” 


2.2.1 Server Software 


As part of the OES 2015 SP1 installation, you install SUSE Linux Enterprise Server 11 SP4. 


IMPORTANT: OES 2015 SP1 services were developed and tested on a default and fully-patched 
SLES 11 SP4 server base. 
As you install OES 2015 SP1, do not change any of the SLES 11 SP4 Base Technologies package 
selections, such as Java support. Doing so can cause various problems, such as the installation 
failing or one or more OES 2015 SP1 services not working properly. 


If you are installing on an existing SLES 11 SP4 server, be sure to verify that all of the default SLES 
11 SP4 components are installed before attempting to install OES 2015 SP1 services. 


2.2.2 Server Hardware 


Table 2-1 Server Hardware Requirements 


System Component: Computer 
  Minimum Requirements: Any server-class computer that runs with AMD64 or Intel* EM64T processors. 
  Recommended Requirements: 
    IMPORTANT: OES 2015 SP1 is an add-on product to SLES 11 SP4; it only runs on x86_64. 
    Other processors that are supported by SLES 11 SP4, such as Itanium (IA64) and Intel x86 (IA32), 
    are not supported for running OES services. 
    NOTE: Services such as iManager, SMS, and NRM run in 32-bit mode on a 64-bit platform. 

System Component: Memory 
  Minimum Requirements: 2 GB of RAM 
  Recommended Requirements: 4 GB of RAM for the base system. Additional RAM might be required 
    depending on which OES components are selected and how they are used. 

System Component: Free Disk Space 
  Minimum Requirements: 10 GB of available, unpartitioned disk space 
  Recommended Requirements: 16 GB of available, unpartitioned disk space. Additional disk space 
    might be required, depending on which OES components are selected and how they are used. 

System Component: DVD Drive 
  Minimum Requirements: DVD drive if installing from physical media 
  Recommended Requirements: DVD drive if installing from physical media 

System Component: Hard Drive 
  Minimum Requirements: 20 GB 

System Component: Network Board 
  Minimum Requirements: Ethernet 100 Mbps 

System Component: IP address 
  Minimum Requirements: One static IP address; Subnet mask; Default gateway 

System Component: Mouse 
  Minimum Requirements: N/A 
  Recommended Requirements: USB or PS/2 

System Component: Server computer BIOS 
  Minimum Requirements: Using a DVD installation source, prepare the BIOS on your server computer 
    so that it boots from the DVD drive first. 

System Component: Video Card and Monitor 
  Minimum Requirements: 1024 X 768 resolution or higher with a minimum color depth of 8 bits 
    (256 colors) 
  Recommended Requirements: Although it is technically possible to run the ncurses installation at a 
    lower resolution, some informational messages aren't displayed because text strings don’t wrap 
    to the constraints of the window. 


NOTE: The RAM and disk space amounts shown here are for system components only. The OES 
service components that you install might require additional RAM and disk space. 
Be sure to complete the planning instructions in the OES 2015 SP1: Planning and Implementation 
Guide for each component that you install. 


2.3 NetIQ eDirectory Rights Needed for Installing OES 


+ Section 2.3.1, “Rights to Install the First OES Server in a Tree” 
+ Section 2.3.2, “Rights to Install the First Three Servers in an eDirectory Tree” 
+ Section 2.3.3, “Rights to Install the First Three Servers in any eDirectory Partition” 


2.3.1 Rights to Install the First OES Server in a Tree 


To install an OES server in a tree, you must have rights to extend the schema, meaning that you need 
Supervisor rights to the root of the tree. 


You can extend the schema by using the Novell Schema Tool in YaST or by having a user with 
Supervisor rights to the root of the eDirectory tree install the first OES server and the first instance of 
each OES service that will be used into the tree. For more information, see Section 2.5.4, “Extending 
the Schema,” on page 25. 


2.3.2 Rights to Install the First Three Servers in an eDirectory Tree 


If you are installing the server into a new tree, the Admin user that is created during the OES 
installation has full rights to the root of the tree. Using the account for user Admin allows the installer 
to extend the eDirectory schema for OES as necessary. To install the first OES server in an 
eDirectory tree, you must have the Supervisor right at the root of the eDirectory tree. 


2.3.3 Rights to Install the First Three Servers in any eDirectory Partition 


By default, the first three servers installed in an eDirectory partition automatically receive a replica of 
that partition. To install a server into a partition that does not already contain three replica servers, the 
user must have either the Supervisor right at the root of the tree or the Supervisor right to the 
container in which the server holding the partition resides. 


2.4 Installing and Configuring OES as a Subcontainer Administrator 


IMPORTANT: The information explained in Section 2.3, “NetIQ eDirectory Rights Needed for 
Installing OES,” on page 17 is prerequisite to the information contained in this section. 


This section outlines the required eDirectory rights and explains how a subcontainer administrator 
approaches various installation tasks. 


+ Section 2.4.1, “Rights Required for Subcontainer Administrators” 
+ Section 2.4.2, “Providing Required Rights to the Subcontainer Administrator for Installing and 
Managing Samba” 
+ Section 2.4.3, “Starting a New Installation as a Subcontainer Administrator” 
+ Section 2.4.4, “Adding/Configuring OES Services as a Different Administrator” 


2.4.1 Rights Required for Subcontainer Administrators 


For security reasons, you might want to create one or more subcontainer administrators 
(administrators that are in a container that is subordinate to the container that user Admin is in) with 
sufficient rights to install additional OES servers, without granting them full rights to the entire tree. 


A subcontainer administrator needs the rights listed in Table 2-2 to install an OES server into the tree. 
These rights are typically granted by placing all administrative users in a Group or Role in eDirectory, 
and then assigning the rights to the Group or Role. Sample steps for assigning the rights to a single 
subcontainer administrator are provided as a general guide. 


Table 2-2 Subcontainer Administrator Rights Needed to Install 


Rights Needed: Supervisor right to itself 
Sample Steps to Follow: 
  1. In iManager, click View Objects > the Browse tab, then browse to and select the subcontainer 
     administrator. 
  2. Click the administrator object, then select Modify Trustees. 
  3. Click the Assigned Rights link for the administrator object. 
  4. For the [All Attributes Rights] property, select Supervisor, then click Done > OK. 

Rights Needed: Supervisor right to the container where the server will be installed 
Sample Steps to Follow: 
  1. Browse to the container where the subcontainer administrator will install the server. 
  2. Click the container object and select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [All Attributes Rights] and [Entry rights] properties, select Supervisor, then click 
     Done > OK > OK. 

Rights Needed: Supervisor right to the WO object located inside the KAP object in the Security 
container 
Sample Steps to Follow: 
  1. Browse to Security > KAP. 
  2. In KAP, click WO and select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [All Attributes Rights] and [Entry rights] properties, select Supervisor, then click 
     Done > OK > OK. 

Rights Needed: Supervisor right to the Security container when installing the NMAS login methods 
Sample Steps to Follow: 
  If the subcontainer administrator will install the NMAS login methods: 
  1. Browse to and select Security. 
  2. Select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [All Attributes Rights] and [Entry rights] properties, select Supervisor, then click 
     Done > OK > OK. 

Rights Needed: Create right to its own container (context) 
Sample Steps to Follow: 
  1. Browse to and select the container where you created the subcontainer administrator. 
  2. Select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [Entry Rights] property, select Create, then click Done > OK > OK. 

Rights Needed: Create right to the container where the UNIX Config object is located 
Sample Steps to Follow: 
  1. Browse to and select the container where the UNIX Config object is located. By default, this is 
     the Organization object. 
  2. Select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [Entry Rights] property, select Create, then click Done > OK > OK. 

Rights Needed: Read right to the Security container object for the eDirectory tree 
Sample Steps to Follow: 
  This is not needed if the Supervisor right was assigned because of NMAS. 
  If the subcontainer administrator won't install the NMAS login methods, do the following: 
  1. Browse to and select Security. 
  2. Select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [All Attributes Rights] property, select Read, then click Done > OK > OK. 

Rights Needed: Read right to the NDSPKI:Private Key attribute on the Organizational CA object 
(located in the Security container) 
Sample Steps to Follow: 
  1. Browse to Security and select the Organizational CA object. 
  2. Select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. Click the Add Property button. 
  6. Select NDSPKI:Private Key, then click OK. 
     The Read right should be automatically assigned. 
  7. Click Done > OK > OK. 

Rights Needed: Read and Write rights to the UNIX Config object 
Sample Steps to Follow: 
  1. Browse to and select the UNIX Config object. 
  2. Select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [All Attributes Rights] property, select Write (Read is already selected), then click 
     Done > OK > OK. 

Rights Needed: Write right to the [All Attribute Rights] property for the admingroup object 
Sample Steps to Follow: 
  1. Browse to and select the admingroup object. 
  2. Select Modify Trustees. 
  3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK. 
  4. Click the Assigned Rights link for the administrator object. 
  5. For the [All Attributes Rights] property, select Write (Compare and Read are already selected), 
     then click Done > OK > OK. 


When you install DNS/DHCP into an existing tree with DNS/DHCP, see the following additional 
guidelines: 


+ For DNS, see “eDirectory Permissions” in the OES 2015 SP1: DNS/DHCP Services for Linux 
Administration Guide. 


+ For DHCP, see “eDirectory Permissions” in the OES 2015 SP1: DNS/DHCP Services for Linux 
Administration Guide. 


2.4.2 Providing Required Rights to the Subcontainer 
Administrator for Installing and Managing Samba 


Prior to installing any new OES Samba server in a tree, ensure that you provide supervisor rights to 
the subcontainer administrator for the location mentioned in Table 2-3. 


Table 2-3 Subcontainer Administrator Rights Needed to Manage Samba 


Rights Needed: Supervisor rights to the container where the Linux workstation object will be located 
Sample Steps to Follow: 
  1. In iManager, click View Objects, then browse to and select the container where the OES Samba 
     server will be installed. 
  2. Click Actions > Modify Trustees. 
  3. On the Modify Trustees page, click Assigned Rights next to the trustee name for which you 
     want to modify rights. 
  4. Click the desired container admin object to add it to the Selected Objects section. 
  5. Click OK. 
  6. Select Property Name rights (All Attribute Rights and Entry Rights) and assign Supervisor 
     rights, then click Done. 

Rights Needed: Supervisor rights to the container where the Unix config object will be located 
Sample Steps to Follow: 
  1. In Novell iManager, click View Objects, then in the Tree, browse to and select the container 
     where the Unix Config object is located. 
  2. Select the Unix Config object, then click Actions > Modify trustees. 
  3. On the Modify Trustees page, click Assigned Rights next to the trustee name for which you 
     want to modify rights. 
  4. Click the desired container admin object to add it to the Selected Objects section. 
  5. Click OK. 
  6. Select Property Name rights (All Attribute Rights and Entry Rights) and assign Supervisor 
     rights, then click Done. 

Rights Needed: Supervisor rights to the container where the Samba/LDAP base context will be located 
Sample Steps to Follow: 
  1. In Novell iManager, click View Objects, then in the Tree, browse to and select the container 
     where the Samba/LDAP base context will reside. 
  2. Select the Current Level tree object, then click Actions > Modify trustees. 
  3. On the Modify Trustees page, click Assigned Rights next to the trustee name for which you 
     want to modify rights. 
  4. Click the desired container admin object to add it to the Selected Objects section. 
  5. Click OK. 
  6. Select Property Name rights (All Attribute Rights and Entry Rights) and assign Supervisor 
     rights, then click Done. 

Rights Needed: Supervisor rights to the container where the Samba proxy user will be installed 
Sample Steps to Follow: 
  1. In Novell iManager, click View Objects, then in the Tree, browse to and select the container 
     where the Samba proxy user context will be installed. 
  2. Select the Samba proxy object, then click Actions > Modify trustees. 
  3. On the Modify Trustees page, click Assigned Rights next to the trustee name for which you 
     want to modify rights. 
  4. Click the desired container admin object to add it to the Selected Objects section. 
  5. Click OK. 
  6. Select Property Name rights (All Attribute Rights and Entry Rights) and assign Supervisor 
     rights, then click Done. 
2.4.3 Starting a New Installation as a Subcontainer Administrator 


You can install a new OES server into an existing tree as a subcontainer administrator if you have the 
following: 

+ The rights described in “Rights Required for Subcontainer Administrators” on page 18 
+ The rights described in “Providing Required Rights to the Subcontainer Administrator for 
Installing and Managing Samba” on page 20 
+ (If applicable) The rights described for the server installations in “NetIQ eDirectory Rights 
Needed for Installing OES” on page 17 


When you reach the eDirectory Configuration - Existing Tree page, enter your fully distinguished 
name (FDN) and password. After verifying your credentials, the installation proceeds normally. 


2.4.4 Adding/Configuring OES Services as a Different Administrator 


To add or configure OES services on an OES server that another administrator installed, see 
“Adding/Configuring OES Services on a Server That Another Administrator Installed” on page 114. 


2.5 Preparing eDirectory for OES 2015 SP1 


+ Section 2.5.1, “If Your Directory Tree Is Earlier than eDirectory 8.6” 
+ Section 2.5.2, “If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier” 
+ Section 2.5.3, “If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS 
Installed” 
+ Section 2.5.4, “Extending the Schema” 


2.5.1 If Your Directory Tree Is Earlier than eDirectory 8.6 


If you are installing an OES 2015 SP1 server into an eDirectory tree that is earlier than eDirectory 8.6, 
do the following before installing your first OES server in an existing NetWare tree: 


1 Extend the schema by using Deployment Manager. See “Schema Update” in the NW65 SP8: 
  Installation Guide. 
2 Ensure that the schema is synchronized throughout the tree from root: 
  2a Enter the following commands at the System Console prompt of the NetWare server with 
     the Master of root: 

     set DSTRACE=on 
     set DSTRACE=nodebug 
     set DSTRACE=+Schema 
     set DSTRACE=*SSD 
     set DSTRACE=*SSA 

  2b Toggle to the Directory Services screen and look for the message All Processed = YES. 
  2c On each server that holds a Master of a partition, enter the following commands at the 
     System Console prompt: 

     set DSTRACE=off 
     set DSTRACE=nodebug 
     set DSTRACE=+Schema 
     set DSTRACE=*SS 

  2d Toggle to the Directory Services screen and look for the message All Processed = YES. 


2.5.2 If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier 


If you are installing into an eDirectory tree that is using a NetWare server to supply LDAP, you should 
upgrade the LDAP server that the OES installation will communicate with to NetWare 6.5 SP3 or later. 
A server running NetWare 6.5 SP2 or earlier will probably abend. 


2.5.3 If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS Installed 


Having NSS volumes on OES servers requires certain system-level modifications, most of which are 
automatic. For more information, see “System User and Group Management in OES 2015 SP1” in 
the OES 2015 SP1: Planning and Implementation Guide. 

+ “NetStorage, X-Tier, and Their System Users” 
+ “An NSS Complication” 
+ “eDirectory Solves the Basic Problem” 
+ “The OES 2 Solution: Standardizing the UIDs on all OES servers” 


NetStorage, X-Tier, and Their System Users 


By default, certain OES services, such as NetStorage, rely on a background Novell service named 
X-Tier. 


To run on an OES server, X-Tier requires two system-created users (named novlxsrvd and 
novlxregd) and one system-created group that the users belong to (named novlxtier). 


An NSS Complication 


The two X-Tier users mentioned above, and their group, are created on the local system when X-Tier 
is installed. For example, they are created when you install NetStorage, and their respective UIDs 
and GID are used to establish ownership of the service’s directories and files. 


For NetStorage to run, these X-Tier users and group must be able to read data on all volume types 
that exist on the OES server. 


As long as the server has only Linux traditional file systems, such as Ext3 and Reiser, NetStorage 
runs well. 


However, if the server has NSS volumes, an additional requirement is introduced. NSS data can only 
be accessed by eDirectory users. Consequently, the local X-Tier users can’t access NSS data, and 
NetStorage can’t run properly. 
eDirectory Solves the Basic Problem 


When NSS volumes are created on the server, the two X-Tier system users and their group are 
moved to eDirectory and enabled for Linux User Management (LUM). See “Linux User Management: 
Access to Linux for eDirectory Users” in the OES 2015 SP1: Planning and Implementation Guide. 


After the move to eDirectory, they can function as both eDirectory and POSIX users, and they no 
longer exist on the local system. 


The OES 2 Solution: Standardizing the UIDs on all OES servers 


If your eDirectory tree has ever contained an OES 1 Linux server with NSS and LUM installed, do the 
following on each server (including OES 2) that has NSS and LUM installed: 
1 Log in as root and open a terminal prompt. Then enter the following commands: 

  id novlxregd 
  id novlxsrvd 

  The standardized X-Tier IDs are UID 81 for novlxregd, UID 82 for novlxsrvd, and GID 81 for 
  novlxtier. 

2 If you see the following ID information, the X-Tier IDs are standardized and you can move to the 
  next server: 

  uid=81(novlxregd) gid=81(novlxtier) groups=81(novlxtier) 
  uid=82(novlxsrvd) gid=81(novlxtier) groups=81(novlxtier),8(www) 

  If you see different IDs than those listed above, such as 101, 102, 103, etc., record the numbers 
  for both X-Tier users and the novlxtier group. You need these IDs to standardize the IDs on the 
  server. 

3 Download the following script file: 
  + fix_xtier_ids.sh (http://www.novell.com/documentation/oes2/scripts/fix_xtier_ids.sh) 

4 Customize the template file by replacing the variables in angle brackets (<>) as follows: 

  + <server_name>: The name of the server object in eDirectory. 

    Replace this variable with the server name. 

    For example, if the server name is myserver, replace <server_name> with myserver so that 
    the line in the settings section of the script reads 

    server=myserver 

  + <context>: The context of the X-Tier user and group objects. 

    Replace this variable with the fully distinguished name of the context where the objects 
    reside. 

    For example, if the objects are in an Organizational Unit object named servers, replace 
    <context> with ou=servers,o=company. 

  + <admin fdn>: The full context of an eDirectory admin user, such as the Tree Admin, who 
    has rights to modify the X-Tier user and group objects. 

    Replace this variable with the admin name and context, specified with comma-delimited 
    syntax. 

    For example, if the tree admin is in an Organization container named company, the full 
    context is cn=admin,o=company and the line in the settings section of the script reads 

    admin_fdn="cn=admin,o=company" 

  + <novlxregd_uid>: The UID that the system assigned to the local novlxregd user. It might or 
    might not be the same on each server, depending on whether the nssid.sh script ran 
    successfully. 

    Replace this variable with the UID reported for the novlxregd user on this server as listed 
    when you ran the commands in Step 1 on page 24. 

    In the example script, the original UID is 101. It is changed to 81 in the third line of the script. 
    The sixth line changes the UID on all of the files and directories on the server that are 
    owned by the novlxregd user from 101 to 81. 

  + <novlxsrvd_uid>: The UID that the system assigned to the local novlxsrvd user. It might 
    not be the same on each server, depending on whether the nssid.sh script ran 
    successfully. 

    Replace this variable with the UID reported for the novlxsrvd user on this server as listed 
    when you ran the commands in Step 1 on page 24. 

    In the example script, the original UID is 103. It is changed to 82 in the fourth line of the 
    script. The seventh line changes the UID on all of the files and directories on the server that 
    are owned by the novlxsrvd user from 103 to 82. 

  + <novlxtier_gid>: The GID that the system assigned to the local novlxtier group. It might not 
    be the same on each server, depending on whether the nssid.sh script ran successfully. 

    Replace this variable with the GID reported for the novlxtier group on this server as listed 
    when you ran the commands in Step 1 on page 24. 

    In the example script, the original GID is 101. It is changed to 81 in the second line of the 
    script. The sixth and seventh lines change the GID from 101 to 81 for all of the files and 
    directories on the server that are owned by the novlxtier group. 

5 Make the script executable and run it on the server. 

  IMPORTANT: Changes to the X-Tier files are not reported on the terminal. 

  Error messages are reported, but you can safely ignore them. The script scans the entire file 
  system, and some files are locked because the system is running. 

6 Repeat from Step 1 for each of the other servers in the same context. 


Extending the Schema 


An eDirectory tree must have its schema extended to accommodate OES 2015 servers and services 
as explained in the following sections: 


+ “Who Can Extend the Schema?” on page 25
+ “Which OES 2015 SP1 Services Require a Schema Extension?” on page 26
+ “Extending the Schema While Installing OES 2015 SP1” on page 26
+ “Using the YaST Plug-In to Extend the Schema” on page 27
+ “Extending the Schema for Novell Cluster Services” on page 27


Who Can Extend the Schema? 


Only an administrator with the Supervisor right at the root of an eDirectory tree can extend the tree’s 
schema. 




Which OES 2015 SP1 Services Require a Schema Extension? 


The following service schema extensions are included with OES 2015 SP1. 


A single asterisk (*) indicates a service that is either required for OES 2015 SP1 servers or for the 
default services that are installed on every OES 2015 SP1 server. 


Unmarked extensions are implemented the first time their respective services are installed, unless 
the schema was previously extended using another method, such as the YaST plug-in (see “Using 
the YaST Plug-In to Extend the Schema” on page 27). 

+ NetIQ Directory Services*
+ Novell Linux User Management (LUM)*
+ Novell iPrint Services
+ Novell DHCP Services
+ Novell DNS Services
+ Novell NCP Server
+ Novell NetStorage
+ Novell Storage Services (NSS)
+ Novell SMS*
+ Novell iFolder
+ Novell Domain Services for Windows
+ NetIQ NMAS*
+ Novell CIFS
+ Novell Clustering

Novell Cluster Services requires you to extend the schema manually. Follow the instructions in
“Installing, Configuring, and Repairing Novell Cluster Services” in the OES 2015 SP1: Novell
Cluster Services for Linux Administration Guide.

+ Novell Remote Manager
+ Novell Samba

Extending the Schema While Installing OES 2015 SP1 


The simplest way to extend the schema for OES 2015 SP1 servers is to have a tree admin install the 
first OES 2015 SP1 server and the first instance of each OES 2015 SP1 service that you plan to run 
on your network. 


After this initial installation, you can assign subcontainer admins with the required rights to install 
additional servers and services. For more information on the required rights for the various OES 
services, see “Rights Required for Subcontainer Administrators” on page 18. 


Using the YaST Plug-In to Extend the Schema

If you want a subcontainer admin to install the first OES 2015 SP1 server or the first instance of an
OES 2015 SP1 service in an existing tree, and you don’t want to grant that admin the Supervisor right
to the root of the tree, someone with the Supervisor right to root can extend the schema by using
YaST from any of the following locations:

+ An OES 2015 SP1 server running in another tree
+ Install a fully patched SLES 11 SP4 server, then install OES 2015 SP1 without installing any of
the services, followed by the yast2 novell-schema tool installation.

To run the Novell Schema Tool:

1 On the server’s desktop, click Computer and open the YaST Control Center.

2 Click Open Enterprise Server > Novell Schema Tool.

3 Depending on the installation method you used, you might be required to insert your OES 2015
SP1 installation media.

4 On the NetIQ eDirectory Extension Utility page, specify the information for an eDirectory server
with a Read/Write replica of the Root partition.

Be sure to provide the correct information to authenticate as an admin user with the Supervisor
right at the root of the target tree. Otherwise, the schema extension fails.

5 Select all of the other services you plan to run on any of the OES 2015 SP1 servers in the tree.

6 Click Next.

The schema is extended.

The YaST2 novell-schematool utility writes the schema event messages to the
/var/opt/novell/eDirectory/log/oes_schema.log file on the server where the utility is running.

Extending the Schema for Novell Cluster Services

If you want a subcontainer administrator to install the first instance of Novell Cluster Services in a
tree, you can extend the schema by following the instructions in “Installing, Configuring, and
Repairing Novell Cluster Services” in the OES 2015 SP1: Novell Cluster Services for Linux
Administration Guide.

2.6 Deciding What Patterns to Install


A default SLES 11 SP4 installation has the following base technology, graphical environment, and 
primary function patterns selected for installation. With the exception explained in the two Important 
notes below, you can accept or deselect these patterns and install additional patterns as desired. 

Table 2-4 Standard SLES 11 SP4 Installation Patterns

Pattern: Server Base System

Description: Consists of all packages that are common to all Novell SUSE Linux
Enterprise products. Also provides a Linux Standard Base 3.0 compliant
runtime environment.

This pattern is selected for installation by default.

IMPORTANT: You must either install this pattern or the Common Code
Base pattern.

Pattern: Common Code Base

Description: The largest system. It includes all packages available with SUSE Linux,
except those that would result in dependency conflicts.

IMPORTANT: You must either install this pattern or the Server Base
System pattern.

Pattern: Novell AppArmor

Description: Novell AppArmor is an open source Linux application security framework
that provides mandatory access control for programs, protecting against
the exploitation of software flaws and compromised systems. AppArmor
includes everything you need to provide effective containment for
programs (including those that run as root) to thwart attempted exploits
and even zero-day attacks. AppArmor offers an advanced tool set that
largely automates the development of per-program application security so
that no new expertise is required.

This pattern is selected for installation by default.

Pattern: GNOME Desktop Environment

Description: The GNOME desktop environment is an intuitive and attractive desktop for
users. The GNOME development platform is an extensive framework for
building applications that integrate into the rest of the desktop.

This pattern is selected for installation by default.

Pattern: X Window System

Description: In continuous use for over 20 years, the X Window System provides the
only standard platform-independent networked graphical window system
bridging the heterogeneous platforms in today's enterprise: from network
servers to desktops, thin clients, laptops, and handhelds, independent of
operating system and hardware.

This pattern is selected for installation by default.

Pattern: Print Server

Description: Sets up a print server to host print queues so that they can be accessed
by other computers on the same network, including machines running
Microsoft Windows operating systems. The print server can accept print
jobs from client computers and direct them to locally attached printers or to
network printers. LPD, CUPS, and SMB print servers and queues are
supported.

This pattern is selected for installation by default.


The OES add-on installation includes the following OES Services patterns: 

Table 2-5 OES Services Pattern Descriptions

Pattern: Novell AFP

Description: A Novell AFP server allows Macintosh clients to access data stored on NSS
volumes in the same way they access data on a Mac OS X server.

This pattern selects and installs these services:

+ Novell Backup / Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Storage Services (NSS)
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)
+ Novell NCP Server

This pattern cannot be installed on the same server as these services:

+ Novell Domain Services for Windows

Pattern: Novell Backup/Storage Management Services (SMS)

Description: The Novell backup infrastructure (called Storage Management Services or SMS)
provides backup applications with the framework to develop a complete backup
and restore solution.

SMS helps back up file systems (such as NSS) or application data (such as data
from GroupWise) on NetWare and SUSE Linux Enterprise Server (SLES) to
removable tape media or other media for off-site storage. It provides a single
consistent interface for all file systems and applications across NetWare and
SLES.

This pattern selects and installs these services:

+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

Pattern: Novell CIFS

Description: CIFS (Common Internet File System) is a network sharing protocol. Novell CIFS
enables Windows, Linux, and UNIX client workstations to copy, delete, move, save,
and open files on an OES 2015 SP1 server. CIFS allows read and write access
from multiple client systems simultaneously.

This pattern selects and installs these services:

+ Novell Backup / Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Storage Services (NSS)
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)
+ Novell NCP Server

This pattern cannot be installed on the same server as these services:

+ Novell Domain Services for Windows
+ Novell Samba

Pattern: Novell Cluster Services (NCS)

Description: Novell Cluster Services is a server clustering system that ensures high availability
and manageability of critical network resources including data, applications, and
services. It is a multinode clustering product for Linux that is enabled for NetIQ
eDirectory and supports failover, failback, and migration (load balancing) of
individually managed cluster resources.

Novell Cluster Services lets you add Linux nodes to an existing NetWare 6.5
cluster without bringing down the cluster, or it lets you create an all-Linux cluster.
With a mixed cluster, you can migrate services between OS kernels, and if services
are alike on both platforms (such as NSS), you can set the services to fail over
across platforms.

Using Novell Cluster Services with iSCSI technologies included in OES, you can
build inexpensive clustered SANs on commodity gigabit Ethernet hardware. You
can leverage existing hardware into a high availability solution supporting Linux
and NetWare clusters.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server with these services:

+ High Availability

Pattern: Novell DHCP

Description: Novell DHCP (Dynamic Host Configuration Protocol) uses eDirectory to provide
configuration parameters to client computers and integrate them into a network.

The eDirectory integration lets you have centralized administration and
management of DHCP servers across the enterprise and lets you set up DHCP
subnet replication via NetIQ eDirectory.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

Pattern: Novell DNS

Description: Novell DNS uses NetIQ eDirectory to deliver information associated with domain
names, in particular the IP address.

This eDirectory integration lets you have centralized administration and
management of DNS servers across the enterprise and lets you set up a DNS zone
via NetIQ eDirectory.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

Pattern: Novell Domain Services for Windows

Description: Novell Domain Services for Windows provides seamless cross-authentication
capabilities between Windows/Active Directory and Novell OES 2015 servers. It is
a suite of integrated technologies that removes the need for the Novell Client when
logging on and accessing data from Windows workstations in eDirectory trees. This
technology simplifies the management of users and workstations in mixed
Novell-Microsoft environments.

This pattern selects and installs these services:

+ Novell Backup / Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell DNS
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)
+ Novell NCP Server

This pattern cannot be installed on the same server as these services:

+ Novell Samba
+ Novell CIFS
+ Novell AFP
+ Novell FTP
+ Novell iFolder
+ Novell NetStorage
+ Novell Pre-Migration Server

Pattern: NetIQ eDirectory

Description: NetIQ eDirectory services are the foundation for the world's largest identity
management, high-end directory service that allows businesses to manage
identities and security access for employees, customers, and partners. More than
just an LDAP data store, eDirectory is the identity foundation for managing the
relationships that link your users and their access rights with corporate resources,
devices, and security policies.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ OpenLDAP

Pattern: Novell FTP

Description: Novell FTP (File Transfer Protocol) is integrated with NetIQ eDirectory so that
users can securely transfer files to and from OES volumes.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ Novell Domain Services for Windows

Pattern: Novell iFolder

Description: Novell iFolder 3.9 is a simple and secure storage solution that increases user
productivity by enabling users to back up, access, and manage their personal files
from anywhere, at any time.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ Novell Domain Services for Windows

Pattern: Novell iManager

Description: Novell iManager is a Web-based administration console that provides secure,
customized access to network administration utilities and content from virtually
anywhere you have access to the Internet and a Web browser.

iManager provides the following benefits:

+ Single point of administration for NetIQ eDirectory objects, schema, partitions,
and replicas
+ Single point of administration for many other network resources
+ Management of many Novell products by using iManager plug-ins
+ Role-Based Services (RBS) for delegated administration

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

Pattern: Novell iPrint

Description: Novell iPrint lets employees, partners, and customers access printers from a
variety of locations across the network and the Internet. From a web browser, users
can easily install any printer on the network from any location.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ CUPS

Pattern: Novell Linux User Management (LUM)

Description: Linux User Management (LUM) enables eDirectory users to function as local
POSIX users on Linux servers. This functionality lets administrators use eDirectory
to centrally manage remote users for access to one or more OES servers.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ Novell Remote Manager (NRM)

Pattern: Novell NCP Server / Dynamic Storage Technology

Description: Novell NCP Server for Linux enables support for login scripts, mapping drives to
OES servers, and other services commonly associated with Novell Client access.
This means that Windows users with the Novell Client installed can be seamlessly
transitioned to file services on OES.

NCP Server includes Novell Dynamic Storage Technology, which allows
seldom-accessed files on NSS volumes to be automatically moved, according to policies
set by the administrator, from faster-access storage to lower-cost storage media
where the files can be more easily managed and backed up.

Services included with NCP (NetWare Core Protocol) are file access, file locking,
security, tracking of resource allocation, event notification, synchronization with
other servers, connection and communication, print services and queue
management, and network management.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

Pattern: Novell NetStorage

Description: Novell NetStorage provides the solution for simple, Internet-based access to file
storage. NetStorage is a bridge between a company's protected Novell storage
network and the Internet. It lets users access files securely from any Internet
location, with nothing to download or install on the user's workstation.

With Novell NetStorage, a user can securely access files from any Internet-enabled
machine. Users can copy, move, rename, delete, read, write, recover, and set
trustee assignments (based on their privilege level) on files between a local
workstation and a Novell storage network. Access is available from any
Internet-attached workstation, anywhere in the world. There is no need to email or copy
data from one machine to another.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ Novell iManager
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ Novell Domain Services for Windows

Pattern: Novell Pre-Migration Server

Description: A Novell Pre-Migration Server is not actually a service. Rather, it is a
special-purpose server—the target of a Server ID Transfer Migration.

Selecting this option causes this server to be installed without an eDirectory
replica, thus preparing it to assume the identity of another server that you plan to
decommission. For more information, see the OES 2015 SP1: Migration Tool
Administration Guide.

You should also select and install all the services that you plan to migrate from the
other server. Services that are not installed on this server prior to the migration
cannot be migrated.

This pattern selects and installs these services:

+ Novell Backup / Storage Management Services (SMS)
+ NetIQ eDirectory (without a replica)
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ Novell Domain Services for Windows

Pattern: Novell Remote Manager (NRM)

Description: Novell Remote Manager lets you securely access and manage one or more
servers from any location through a standard Web browser. You can use Novell
Remote Manager to monitor your server's health, change the configuration of your
server, or perform diagnostic and debugging tasks.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ Novell Linux User Management (LUM)

Pattern: Novell Samba

Description: Novell Samba provides Windows (CIFS and HTTP-WebDAV) access to files stored
on an OES server's file system using an eDirectory user name and password.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ Novell CIFS
+ Novell Domain Services for Windows

Pattern: Novell Storage Services (NSS)

Description: The Novell Storage Services (NSS) file system provides many unique and powerful
file system capabilities. It is especially suited for managing file services for
thousands of users in an organization. It also includes Novell Distributed File
Services for NSS volumes.

Unique features include visibility, trustee access control model, multiple
simultaneous namespace support, native Unicode, user and directory quotas, rich
file attributes, multiple data stream support, event file lists, and a file salvage
subsystem.

NSS volumes are cross-compatible between kernels. You can mount a
non-encrypted NSS data volume on either the Linux or NetWare kernel and move it
between them. In a clustered SAN, volumes can fail over between kernels,
allowing for full data and file system feature preservation when migrating data to
Linux.

This pattern selects and installs these services:

+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell NCP Server
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ Xen Virtual Machine Host Server

Pattern: Novell Storage Service AD Support

Description: Beginning with OES 2015, you can join the OES server to an Active Directory
domain to provide seamless access to the Active Directory identities on the NSS
resources. Thereby, the Active Directory users can natively access the NSS
resources, administer them, and provision rights and quotas for Active Directory
trustees. This solution is termed as Novell Storage Services Active Directory (NSS
AD) Support.

This pattern selects and installs the following services:

+ Novell CIFS
+ Novell Storage Services (NSS)
+ Novell Backup/Storage Management Services (SMS)
+ NetIQ eDirectory
+ Novell NCP Server
+ Novell Linux User Management (LUM)
+ Novell Remote Manager (NRM)

This pattern cannot be installed on the same server as these services:

+ Novell Domain Services for Windows
+ Novell Samba


If you want to install these services, you can select them to install with most other patterns during the 
initial server installation by customizing the installation or you can install them after installing your 
initial Open Enterprise Server. For more information, see “Customizing the Software Selections” on 
page 52 and “Installing or Configuring OES 2015 SP1 on an Existing Server” on page 109. 


2.7 Obtaining OES 2015 SP1 Software 


For information on obtaining OES software, see “Getting and Preparing OES 2015 SP1 Software” in 
the OES 2015 SP1: Planning and Implementation Guide. 


2.8 Preparing Physical Media for a New Server 
Installation or an Upgrade 


To prepare physical media for an installation or upgrade, you must first download ISO image files and 
then burn the DVDs that you need for your server. Detailed download instructions are available in 
“Getting and Preparing OES 2015 SP1 Software” in the OES 2015 SP1: Planning and 
Implementation Guide. 


Table 2-6 lists the image files you need. 

Table 2-6 Files to Download

Platform: 64-bit server with DVD drive

Files needed:

+ SLES 11 SP4 DVD ISO (SLES-11-SP4-DVD-x86_64-GM-DVD1.iso)
+ OES 2015 SP1 DVD ISO (OES2015-SP1-addon-x86_64-DVD1.iso)
+ Integrated ISO that has SLES 11 SP4 and OES 2015 SP1 (OES2015-SP1-addon_with_SLES11-SP4-x86_64-DVD.iso)

These ISO files can be downloaded from the OES 2015 SP1 download page
(http://download.novell.com/index.jsp).

1 Download the ISO files you need for your hardware capabilities.

2 Ensure that the checksums of the files you have downloaded are the same as those specified on
the download page. To get the checksum, use the md5sum <file name> command.

3 Insert a blank, writable DVD into your DVD burner.

4 Select the option to create a DVD from an image file.

5 Select ISO as the file type.

6 Select the first image file (see Table 2-6) from the location you downloaded it to.

7 Complete the DVD creation process.

8 Label the disk.

9 Repeat this process for each of the ISO image files you downloaded.

2.9 Setting Up a Network Installation Source

The YaST install lets you use installation source files that are hosted on the network to install a new
server or upgrade an existing server. The following sections describe how to set up a network
installation source server on the following platforms:

+ Section 2.9.1, “SUSE Linux as a Network Installation Source Server,” on page 37
+ Section 2.9.2, “NetWare as a Network Installation Source Server,” on page 39
+ Section 2.9.3, “Windows as a Network Installation Source Server,” on page 41

2.9.1 SUSE Linux as a Network Installation Source Server

To prepare a network installation source on a SUSE Linux server, see:

+ “Setting Up the Server Holding the Installation Sources” in the SLES 11 SP4 Deployment Guide
+ The instructions in the following sections:
  + “Requirements” on page 38
  + “Procedure” on page 38
  + “NFS Protocol Configuration” on page 38
  + “FTP Protocol Configuration” on page 39
  + “HTTP Protocol Configuration” on page 39

Requirements

To set up a network installation source, you need the following:

+ A YaST Network Installation source server

This source server can be SLES 9 or later, OES 2 or later, Windows, or NetWare 6.5.

+ An active network connection between the installation source server and the OES server you are
installing or upgrading


Procedure 


1 Download or copy the ISO image files to a directory of your choice. See “Getting and Preparing 
OES 2015 SP1 Software” in the OES 2015 SP1: Planning and Implementation Guide. 


2 Configure your Linux server to be a YaST installation server and select the location for the root of 
the network installation. 


The three protocol options to choose from for configuring the YaST installation server are NFS, 
FTP, and HTTP. For the protocol configuration procedures, see the following: 


+ “NFS Protocol Configuration” on page 38 
+ “FTP Protocol Configuration” on page 39 
+ “HTTP Protocol Configuration” on page 39 


FTP and HTTP do not allow you to serve the files without possible modifications to .conf files.
NFS is the simplest protocol to configure and is recommended.


3 Create a boot DVD using the .iso image file for SUSE Linux Enterprise Server 11 SP4 DVD and 
label it with that name. 


For information on creating this DVD, see “Preparing Physical Media for a New Server 
Installation or an Upgrade” on page 36. 


This DVD will be the network installation boot DVD.

With these steps completed, you are ready to perform a new installation or upgrade using a network
installation source. See “Starting the OES 2015 SP1 Installation” on page 44 or “Upgrading to OES
2015 SP1” on page 115.
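
The checksum comparison described in “Preparing Physical Media for a New Server Installation or an Upgrade” applies equally to the ISO files copied in Step 1 before they are published as an installation source. The shell function below is an added example, not part of the Novell guide; the function name verify_isos and the manifest format (one "<md5> <file name>" pair per line, typed in from the download page) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the OES guide).
# verify_isos MANIFEST DIR
#   MANIFEST: text file with one "<md5> <file name>" pair per line, copied by
#             hand from the download page; lines starting with '#' are comments.
#   DIR:      directory that holds the downloaded ISO files.
# Returns 0 only if every listed file exists and matches its checksum.

verify_isos() {
    manifest=$1
    dir=$2
    failed=0
    checked=0

    [ -r "$manifest" ] || { echo "cannot read manifest: $manifest" >&2; return 2; }

    # "|| [ -n "$want" ]" keeps a final line that has no trailing newline.
    while read -r want name || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac

        # Download pages often show the hash in upper case; md5sum prints lower case.
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        # Accept "md5sum -c" style lines that mark binary mode with a leading '*'.
        name=${name#\*}

        # The checksum field must be exactly 32 hexadecimal digits.
        case $want in
            *[!0-9a-f]*) echo "MALFORMED $name (bad checksum field)" >&2
                         failed=1; continue ;;
        esac
        if [ "${#want}" -ne 32 ] || [ -z "$name" ]; then
            echo "MALFORMED line for '$name'" >&2
            failed=1; continue
        fi

        # File names only, so a manifest line cannot point outside DIR.
        case $name in
            */*) echo "REJECTED  $name (path separators not allowed)" >&2
                 failed=1; continue ;;
        esac

        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name" >&2
            failed=1; continue
        fi

        # Read from stdin so unusual file names cannot change md5sum's output format.
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $got)" >&2
            failed=1
        fi
    done < "$manifest"

    # A manifest that lists nothing verifies nothing; treat that as a failure.
    [ "$checked" -gt 0 ] || { echo "no files were checked" >&2; return 1; }
    return "$failed"
}

# Usage (paths are placeholders):
#   verify_isos /path/to/manifest.md5 /path/to/iso_directory && echo "all ISO files verified"
```

A non-zero return means at least one file is missing, mismatched, or listed incorrectly, so the directory should not be shared or burned until the download is repeated.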


NFS Protocol Configuration 


An NFS share can be shared easily from almost any location on your file system. Use the following 
procedure if you choose to use this protocol: 
1 At your network installation server, launch YaST. 
2 Select Network Services, then click NFS Server. 
You might be prompted to install the NFS server. 


3 On the NFS Server configuration screen, select Start in the NFS Server section, select Open 
Port in Firewall in the Firewall section, then click Next. 


4 In the Directories section, click Add Directory and specify or browse to the directory where you 
have created the install root (Source directory), then click OK. 


5 Accept the defaults in the pop-up window for adding a Host. 
If you are experienced with NFS configurations, you can customize the configuration. 
6 Click Finish. 
FTP Protocol Configuration


These instructions use Pure-FTPd and can be implemented through YaST. Depending on the FTP 
server you use, the configuration might be different. 


If you have created your install root (Source directory) within your FTP root, you can forego the 
following procedure and simply start Pure-FTPd. 


The default configuration of Pure-FTPd runs in chroot jail, so symlinks cannot be followed. In order to 
allow FTP access to the install root created outside of the FTP root, you must mount the install root 
directory inside of the FTP root. 


Complete the following if you have not created your install root within your FTP root and you choose 
to use this protocol: 
1 Create a directory inside of your FTP root. 
2 Run the following command: 
mount --bind /path_to_install_root /path_to_directory_in_ftp_root 
For example, 
mount --bind /tmp/OES /srv/ftp/OES


3 (Optional) If you want to make this install root permanent, add this command to the /etc/fstab 
file. 


4 Start Pure-FTPd. 
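
Step 3 refers to the /etc/fstab file, which holds mount entries rather than mount commands. The following added example, which is not part of the Novell guide, builds the fstab entry equivalent to the mount --bind command in Step 2 and appends it only if it is not already present; the function names fstab_bind_line and ensure_fstab_bind are hypothetical.

```shell
#!/bin/sh
# Added example (not from the OES guide).

# fstab_bind_line SRC DST
#   Print the /etc/fstab entry that is equivalent to "mount --bind SRC DST".
#   Fields: device, mount point, file system type, options, dump, fsck pass.
fstab_bind_line() {
    printf '%s\t%s\tnone\tbind\t0 0\n' "$1" "$2"
}

# ensure_fstab_bind FSTAB SRC DST
#   Append the bind entry to FSTAB unless an entry for the same source and
#   mount point with the bind option already exists. Returns 2 for paths that
#   cannot be written as plain fstab fields.
ensure_fstab_bind() {
    fstab=$1
    src=$2
    dst=$3

    # fstab fields are whitespace separated; paths containing whitespace
    # would need \040 escaping, which this example does not attempt.
    case $src$dst in
        *[[:space:]]*) echo "paths containing whitespace are not supported" >&2
                       return 2 ;;
    esac

    # Compare fields rather than grepping the raw line, so differences in
    # spacing or additional mount options do not produce a duplicate entry.
    if awk -v s="$src" -v d="$dst" \
        '$1 == s && $2 == d && $4 ~ /(^|,)bind(,|$)/ { found = 1 }
         END { exit !found }' "$fstab" 2>/dev/null; then
        return 0
    fi

    fstab_bind_line "$src" "$dst" >> "$fstab"
}

# Usage with the paths from the example in Step 2 (run as root; the mount
# point /srv/ftp/OES must already exist, as created in Step 1):
#   ensure_fstab_bind /etc/fstab /tmp/OES /srv/ftp/OES
#   mount /srv/ftp/OES
```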


HTTP Protocol Configuration 


These instructions use Apache2 as provided by SLES 11 SP4. 
If you choose to use this protocol: 
1 Modify the default-server.conf file of your HTTP server to allow it to follow symlinks and 
create directory indexes. 


The default-server.conf file is located in the /etc/apache2 directory. In the Directory tag
of the default-server.conf file, remove None if it is there, add FollowSymLinks and Indexes
to the Options directive, then save the changes.


2 (Conditional) If the install root is outside of the HTTP root, create a symbolic link to the install root 
with the following command: 


ln -s /path_to_install_root /path_to_link 
For example, 
ln -s /tmp/OES /srv/www/htdocs/OES

3 Restart Apache. 


2.9.2 NetWare as a Network Installation Source Server 


Complete the instructions in this section to set up an Open Enterprise Server (OES) 2015 SP1 
installation source on an existing NetWare 6.5 SP8 server. 


+ “Prerequisites” on page 40 
+ “Copy the Files and Mount Them as NSS Volumes” on page 40 
+ “Create the Boot DVDs” on page 41 




Prerequisites 
You need the following: 


+ A NetWare 6.5 SP8 server accessible on the network where you plan to install the OES 2015
SP1 servers with the following:
  + 6 GB free disk space on the server
  + The Apache Web Server for NetWare installed and running

+ The following ISO image files from Novell:

Image File: SLES-11-SP4-DVD-x86_64-GM-DVD1.iso
Purpose: Boot DVD for x86_64 (64-bit) SLES 11 SP4 installations

Image File: OES2015-SP1-addon-x86_64-DVD1.iso
Purpose: Install source for x86_64 (64-bit) OES 2015 SP1 services

Image File: OES2015-SP1-addon_with_SLES11-SP4-x86_64-DVD.iso
Purpose: Integrated ISO has the install source for x86_64 (64-bit) SLES 11 SP4 and OES 2015 SP1.
It also acts as the boot DVD using SLES 11 SP4.


For information on downloading these image files, see the Open Enterprise Server 2015 SP1 
Download Instructions (https://download.novell.com/Download?buildid=W-71IB1Nazjc~). 


Copy the Files and Mount Them as NSS Volumes 


The following instructions create unrestricted access to OES 2015 SP1 installation files on a NetWare 
server on your network. Restricting access to the installation files requires additional configuration 
through Apache Manager or requires manual editing of the Apache configuration files. 


For more information on restricting access, see information about the Options, Order, Deny, Allow, 
and other directives on the Apache.org Web Site (http://httpd.apache.org/docs-2.0/mod/directives.html). 


To provide unrestricted access to the OES 2015 SP1 image files: 


1 Create a directory at the root of a server volume with at least 6 GB of free disk space. 
For example, you might create a directory named OES11_INSTALL in a volume named TOOLS. 


2 Restrict access to the directory to only those administrators who copy image files to the directory. 


This is important because if someone attempts to access these files after they are mounted as 
NSS volumes, the volumes are immediately dismounted and are no longer available. 


3 Copy the DVD image files listed in “Prerequisites” on page 40 to the directory you just created. 
4 At the server console, mount each image file as an NSS volume: 
4a Enter the following command: 
nss /MountImageVolume=volume:directory/filename.iso 


Replace volume with the NSS volume name, directory with the directory you created in 
Step 1, and filename with the name of the ISO file. 


For example: 


nss /MountImageVolume=TOOLS:OES11_INSTALL/SLES-11-SP4-DVD-x86_64-GM-DVD1.iso 

4b Note the assigned volume name. 

For the first SLES DVD you mount, the name is SLES11SP_3, which is the actual volume 
name in the image file. For the second image you mount, the assigned name is DVD_ 
followed by a four-digit number, starting with 0000. 

The same principle applies to the OES 2015 SP1 image files. The first file mounted is the 
actual OES 2015 volume name, but the second image is assigned a DVD_xxxx name. 

Knowing which volume is for which platform is critical as you create an access URL to the 
volume in Apache Manager. 

5 In a supported browser, start Apache Manager by entering the following URL: 
https://server_ip_address:2200/apacheadmin/login.jsp 

Replace server_ip_address with the IP address of the NetWare server. 

6 Log in as the Admin user or a user with administrative rights to the Apache server. 

7 Click the Content Manager icon. 

8 Click Additional Document Directories. 

9 In the URL Prefix field, specify an alias name you want people to use to access one of the 
mounted volumes. 

10 Click the Search icon next to the File Path field. 

11 Click the volume name that matches the alias name you specified in Step 9, then click Finish. 

12 Click Save > Save and Apply > OK. 

The path to the volume is added as an additional document. 

13 Repeat from Step 9 for the other three volumes. 

All of the ISO files are now available for access through the Apache Web Server running on the 
NetWare server. 


Create the Boot DVDs 


See Section 2.8, “Preparing Physical Media for a New Server Installation or an Upgrade,” on 
page 36. 


2.9.3 Windows as a Network Installation Source Server 


To prepare a network installation source on a Windows server, see “Using a Microsoft Windows 
Workstation” in the SLES 11 SP4 Deployment Guide. 


2.10 Always Install OES as an Add-On Product 


You must always install OES by adding it as an add-on product while running the YaST install. This is 
not the same as adding the OES installation media as an installation source. 


Failure to do this will prevent the server from registering as an OES 2015 SP1 server with the Novell 
Customer Center. 


2.11 Install Only One Server at a Time 


You should install one server at a time into a tree. Then wait for the installation program to complete 
before installing an additional server into the same tree. 


2.12 What's Next 


Proceed to one of the following sections, depending on the task that you want to perform: 

+ “Installing OES 2015 SP1 as a New Installation” on page 43 
+ “Upgrading to OES 2015 SP1” on page 115 
+ “Using AutoYaST to Install and Configure Multiple OES Servers” on page 189 
+ “Installing, Upgrading, or Updating OES on a VM” on page 203 
+ “Installing or Configuring OES 2015 SP1 on an Existing Server” on page 109 


3 Installing OES 2015 SP1 as a New Installation 


Novell Open Enterprise Server (OES) 2015 SP1 is an add-on product to SUSE Linux Enterprise 
Server (SLES) 11 SP4. When you install and configure OES, you can also install and configure SLES 
11 SP4. Therefore, it is helpful to understand how to perform a SLES 11 SP4 installation. This section 
provides information on the integrated installation of SLES 11 SP4 and OES 2015 SP1. 


For detailed information on performing a SLES installation, see the SLES 11 SP4 Deployment Guide 
(https://www.suse.com/documentation/sles11/book_sle_deployment/?page=/documentation/sles11/book_sle_deployment/data/book_sle_deployment.html). 


TIP: You can also use the integrated iso (OES2015-SP1-addon_with_SLES11-SP4-x86_64-DVD.iso) 
for OES 2015 SP1 installation. This ISO has both OES 2015 SP1 and SLES 11 SP4. When you use 
this ISO, you are not required to select OES as an add-on product in the Installation Mode screen. 


This section does not provide step-by-step installation instructions because the installation interface 
is mostly self-explanatory. It does, however, provide information about important steps in the process 
that might require additional explanation. 

+ Section 3.1, “Linux Software RAIDs Are Not Cluster Aware,” on page 43 
+ Section 3.2, “Linux Software RAIDs,” on page 44 
+ Section 3.3, “Starting the OES 2015 SP1 Installation,” on page 44 
+ Section 3.4, “Specifying the Installation Mode,” on page 47 
+ Section 3.5, “Specifying the Add-On Product Installation Information,” on page 48 
+ Section 3.6, “Setting Up the Clock and Time Zone,” on page 48 
+ Section 3.7, “Specifying the Installation Settings for the SLES Base and OES Installation,” on page 48 
+ Section 3.8, “Specifying Configuration Information,” on page 55 
+ Section 3.9, “Finishing the Installation,” on page 107 
+ Section 3.10, “Verifying That the Installation Was Successful,” on page 107 
+ Section 3.11, “What's Next,” on page 108 


3.1 Linux Software RAIDs Are Not Cluster Aware 


Do not use Linux Software RAIDs for devices that you plan to use for shared storage objects. Linux 
Software RAID devices do not support concurrent activation on multiple nodes; that is, they are not 
cluster aware. They cannot be used for shared-disk storage objects, such as the OCFS2 file system, 
cLVM volume groups, and Novell Cluster Services SBD (split-brain-detector) partitions. 


For shared disks, you can use hardware RAID devices on your storage subsystem to achieve fault 
tolerance. 


3.2 Linux Software RAIDs 


We recommend that you do not use Linux software RAIDs (such as MD RAIDs and Device Mapper 
RAIDs) for devices that you plan to use for storage objects that are managed by NSS management 
tools. The Novell Linux Volume Manager (NLVM) utility and the NSS Management Utility (NSSMU) 
list Linux software RAID devices that you have created by using Linux tools. Beginning with Linux 
Kernel 3.0 in OES 11 SP1, NLVM and NSSMU can see these devices, initialize them, and allow you 
to create storage objects on them. However, this capability has not yet been fully tested. 


IMPORTANT: In OES 11, a server hang or crash can occur if you attempt to use a Linux software 
RAID when you create storage objects that are managed by NSS management tools. 


For NSS pools, you can use hardware RAID devices or NSS Software RAID devices to achieve disk 
fault tolerance. 


For Linux POSIX volumes, LVM volume groups, and cLVM volume groups, you can use hardware 
RAID devices on your storage subsystem to achieve disk fault tolerance. 


3.3 Starting the OES 2015 SP1 Installation 


1 Insert the SUSE Linux Enterprise Server 11 SP4 installation media that you created into the DVD 
drive of the computer that you want to be your OES server. 


2 Boot the machine. 


3 Continue with one of the following procedures: 


+ Section 3.3.1, “Installing from Physical Media,” on page 44 
+ Section 3.3.2, “Installing from a Network Source with DHCP,” on page 45 
+ Section 3.3.3, “Installing from a Network Source without DHCP,” on page 46 


3.3.1 Installing from Physical Media 


1 From the DVD boot menu, select the second option (Installation), then press Enter. 
2 Select the language that you want to use, then click Next. 
3 Read and accept the license agreement, then click Next. 


4 (Conditional) If you haven't already verified that the media you burned is valid, you can check it 
by using the Media Check option; otherwise, click Next to continue with the installation. 


5 Follow the prompts, using the information contained in the following sections: 
5a “Specifying the Installation Mode” on page 47. 
5b “Specifying the Add-On Product Installation Information” on page 48. 
5c “Setting Up the Clock and Time Zone” on page 48. 
5d “Specifying the Installation Settings for the SLES Base and OES Installation” on page 48. 
5e “Specifying Configuration Information” on page 55. 
5f “Finishing the Installation” on page 107. 


6 Complete the server setup by following the procedures in “Completing OES Installation or 
Upgrade Tasks” on page 161. 


3.3.2 Installing from a Network Source with DHCP 


1 From the DVD boot menu, select one of the following Installation options that matches your 
environment, but do not press Enter. 

+ Installation: The normal installation mode. All modern hardware functions are enabled. 

+ Installation—ACPI Disabled: If the normal installation fails, it might be because the 
system hardware does not support ACPI (advanced configuration and power interface). If 
this seems to be the case, use this option to install without ACPI support. 

+ Installation—Local APIC Disabled: If the normal installation fails, it might be because the 
system hardware does not support local APIC (advanced programmable interrupt 
controllers). If this seems to be the case, use this option to install without local APIC 
support. 

If you are not sure, try Installation—ACPI Disabled or Installation—Safe Settings first. 

+ Installation—Safe Settings: Boots the system with the DMA mode (for DVD drives) and 
power management functions disabled. Experts can also use the command line to enter or 
change kernel parameters. 

At this point you can either 

+ Skip to Step 4 and input everything as the install prompts you. 

or 

+ Pre-specify the IP address information and/or the boot options parameters on the Boot 
Options line (see “Using Custom Boot Options” in the SUSE Linux Enterprise Server 
Installation and Administration Guide (http://www.suse.com/documentation/sles11/book_sle_deployment/data/sec_deployment_remoteinst_bootinst.html)). 

2 (Optional) If you want to specify the IP address information, do it now. 

Otherwise, continue with Step 3. 

3 (Optional) If you want to specify boot options parameters, do it now. Then press Enter and 
continue with Step 7. 

Otherwise, continue with Step 4. 

4 Press F4, and then select the network installation type (SLP, FTP, HTTP, NFS, SMB/CIFS) that 
you set up on your network installation server. 

See Step 2 on page 38 of the SUSE Linux as a Network Installation Source Server procedure. 

5 Specify the required information (Server name and installation path), then select OK. 

6 Press Enter to begin the installation. 

7 Follow the screen prompts, referring to the information in the following sections as needed 
(remember that not all required selections are documented): 
7a “Specifying the Installation Mode” on page 47. 
7b “Specifying the Add-On Product Installation Information” on page 48. 
7c “Setting Up the Clock and Time Zone” on page 48. 
7d “Specifying the Installation Settings for the SLES Base and OES Installation” on page 48. 
7e “Specifying Configuration Information” on page 55. 
7f “Finishing the Installation” on page 107. 


8 Complete the server setup by following the procedures in “Completing OES Installation or 
Upgrade Tasks” on page 161. 


3.3.3 Installing from a Network Source without DHCP 


1 From the DVD boot menu, select one of the following Installation options that matches your 
environment. 

+ Installation: The normal installation mode. All modern hardware functions are enabled. 

+ Installation—ACPI Disabled: If the normal installation fails, this might be because of the 
system hardware not supporting ACPI (advanced configuration and power interface). If this 
seems to be the case, use this option to install without ACPI support. 

+ Installation—Local APIC Disabled: If the normal installation fails, this might be because 
of the system hardware not supporting local APIC (advanced programmable interrupt 
controllers). If this seems to be the case, use this option to install without local APIC 
support. 

If you are not sure, try Installation—ACPI Disabled or Installation—Safe Settings first. 

+ Installation—Safe Settings: Boots the system with the DMA mode (for DVD drives) and 
power management functions disabled. Experts can also use the command line to enter or 
change kernel parameters. 

At this point you can pre-specify the IP address information, and so forth, on the Boot Options 
line (see “Booting the Target System for Installation” in the SUSE Linux Enterprise Server 
Deployment Guide (http://www.suse.com/documentation/sles11/book_sle_deployment/data/sec_deployment_remoteinst_bootinst.html)). 

2 If you want to specify the IP address information, and so forth, do it now. Then press Enter and 
continue with Step 19 on page 47. 

Otherwise, press Enter, continue with Step 3, and input everything as the install prompts you. 

3 When you receive the following error, select OK and press Enter: 

Could not find the SUSE Linux Enterprise Server 11 SP3 Installation source. 
Activating manual set up program. 

4 Select the language, then select OK and press Enter. 

5 Select a keyboard map, then select OK and press Enter. 

6 Select Start Installation or System, then select OK and press Enter. 

7 Select Start Installation or Update, then select OK and press Enter. 

8 Select Network, press Enter, then select OK and press Enter. 

9 Select the network protocol that matches the configured protocol on your network installation 
server, then press Enter. 

10 (Conditional) If you have more than one network interface card, select one of the cards, then 
press Enter. 

We recommend eth0. 

11 When prompted whether you want to use DHCP, select No, then press Enter. 

12 Specify the IP address for the server, then press Enter. 

13 Specify the subnet mask, then press Enter. 

14 Specify the gateway, then press Enter. 

15 Specify the IP address of a name server, then press Enter. 

16 Specify the IP address of the network installation server, then press Enter. 

17 (Conditional) Depending on the protocol you specified, you might see additional screens for FTP 
or HTTP. Select the options that are appropriate for your network, then continue with Step 18. 

18 Specify the path to your installation source on the network installation server, then press Enter. 

19 Follow the prompts, using the information contained in the following sections: 
19a “Specifying the Installation Mode” on page 47. 
19b “Specifying the Add-On Product Installation Information” on page 48. 
19c “Setting Up the Clock and Time Zone” on page 48. 
19d “Specifying the Installation Settings for the SLES Base and OES Installation” on page 48. 
19e “Specifying Configuration Information” on page 55. 
19f “Finishing the Installation” on page 107. 


20 Complete the server setup by following the procedures in “Completing OES Installation or 
Upgrade Tasks” on page 161. 


3.4 Specifying the Installation Mode 


1 When the Installation Mode page displays, select the following two menu options, then click 
Next: 


+ New Installation 


+ Include Add-On Products from Separate Media 




NOTE: If you have used the integrated iso (OES2015-SP1-addon_with_SLES11-SP4-x86_64-DVD.iso) 
for the OES 2015 SP1 installation, do not select Include Add-On Products from 
Separate Media. 


2 Continue with Section 3.5, “Specifying the Add-On Product Installation Information,” on page 48. 


3.5 Specifying the Add-On Product Installation Information 


1 When the Add-On Product Installation page displays, click Add. 
2 If you are installing OES 2015 SP1 from a DVD, do the following: 
2a On the Add-On Product Media page, click DVD, then click Next. 


2b On the Insert the Add-On Product DVD page, select the appropriate drive where you want 
to insert the OES 2015 SP1 DVD. 


2c Click Eject. 
2d Insert the DVD labeled Novell Open Enterprise Server 2015 DVD 1, then click Continue. 


3 If you are using an alternate installation source, such as a network installation source, click the 
appropriate option for your situation, then click Next and supply the required information. 


4 Read and accept the Novell Open Enterprise Server 2015 SP1 license agreement, then click 
Next. 


5 Confirm that the Add-On Product Installation page shows the correct path to the OES media, 
then click Next. 


6 Continue with Section 3.6, “Setting Up the Clock and Time Zone,” on page 48. 


NOTE: During this add-on method of OES installation, the Import Untrusted GnuPG Key pop-up 
is displayed. Import the key and then proceed. 


3.6 Setting Up the Clock and Time Zone 


1 Ensure the Clock, Region, Timezone, and Time and Date settings are what you want, then click 
Next. 


You can configure this information after the installation is complete, but it is easier to do it during 
the installation. 


2 Continue with Section 3.7, “Specifying the Installation Settings for the SLES Base and OES 
Installation,” on page 48. 


3.7 Specifying the Installation Settings for the SLES Base and OES Installation 


The Installation Settings page lets you specify which software and services are installed on your 
server. 

+ Overview tab: This lets you specify everything that is normally required for an OES installation. 

+ Expert tab: This lets you fully customize your SLES installation settings. For detailed 
information, see “Deployment” in the SLES 11 SP4 Deployment Guide (http://www.suse.com/documentation/sles11/book_sle_deployment/data/book_sle_deployment.html). Keep in mind, 
however, that the SLES guide does not contain instructions for OES-specific components or 
configurations. 


IMPORTANT: If you accept the defaults at this point in the installation process, only the base OES 
components are installed. 

You can add OES services later, but you should at least read the guidelines and follow the applicable 
procedures in the following sections: 

+ “Setting Up Disk Partitions” on page 49 
+ “Customizing the Software Selections” on page 52 
+ “Accepting the Installation Settings” on page 54 


3.7.1 Setting Up Disk Partitions 


In most cases, YaST proposes a reasonable partitioning scheme that can be accepted without 
change. You can also use YaST to customize the partitioning. 

+ “Guidelines” on page 49 
+ “NSS on the System Disk” on page 50 
+ “Security Flag Recommendations” on page 50 
+ “Partitioning X86 Machines” on page 51 
+ “Disk Partition Statistics” on page 51 
+ “Combining Hard Disk Partitions” on page 52 


Guidelines 


Table 3-1 presents guidelines for setting up disk partitions on your OES server. For more information, 
see “Installation Settings” in the SLES 11 SP4 Deployment Guide (https://www.suse.com/documentation/sles11/book_sle_deployment/data/book_sle_deployment.html). 


Table 3-1 Partition Guidelines 


Partition to Create    Other Considerations 

/boot    Depending on the hardware, it might be useful to create a boot partition (/boot) to hold the 
         boot mechanism and the Linux kernel. 

         You should create this partition at the start of the disk and make it at least 8 MB or 1 cylinder. 
         As a rule of thumb, always create such a partition if it was included in the YaST original 
         proposal. If you are unsure about this, create a boot partition to be on the safe side. 

         IMPORTANT: In a Xen VM installation, format the /boot partition using Ext2 as the file 
         system. For a technical explanation of why this is necessary, see “Paravirtual Mode and 
         Journaling File System” in the Virtualization with Xen (http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html) guide. 

swap     This should normally be twice the size of the RAM installed on your server. If you create a 
         /boot partition, create the swap partition second. Otherwise, create the swap partition first. 

/        Define this partition as 3 GB or more. In all cases, create this partition after you create the swap 
         partition. Keep in mind that this root (/) partition contains all of the partitions listed below that 
         you don’t specifically create. 

/var     This contains system logs and should therefore be a separate partition to avoid impacting 
         system and service stability because of a disk-full condition. 

         Define this partition as 4 GB or more. 

/opt     Some (mostly commercial) programs install their data in /opt. 

         Define this partition as 4 GB or more. 

/usr     Creating this as a separate partition makes updating the server easier if you need to reinstall 
         the system from the beginning because you can keep the partition intact. 

         Define this partition as 4 GB or more. 

/srv     This contains the web and FTP servers. 

         Consider making this a separate partition to avoid having someone flood the disk by accident 
         or on purpose, which impacts system and service stability. 

/home    User Home directories go here. 

         Consider making this a separate partition to avoid having someone flood the disk by accident 
         or on purpose, which impacts system and service stability. 

         You can allocate the rest of the disk space to this partition. 

/tmp     Creating this as a separate partition is optional. However, because it is writable by everyone, 
         best practices suggest creating a separate partition to avoid having someone flood the disk by 
         accident or on purpose, which impacts system and service stability. 


Place application-specific files on a separate partition. 


If you are building a mail server, note where the mail spools reside because they can grow 
quite large, and you need to anticipate this when you are defining partition sizes. 


NSS on the System Disk 


For OES, Novell Storage Services (NSS) volumes can be used only as data volumes, not as system 
volumes. 


Additionally, they cannot be created as part of the install process. 


However, you must consider whether you will be creating them in the future on the storage device 
where you are installing Linux. (Creating NSS volumes on storage devices that don’t contain Linux 
system partitions requires no special handling.) 


The default volume manager for Linux POSIX volumes on SUSE Linux is LVM (Linux Volume 
Manager). 


Security Flag Recommendations 


The following table indicates the recommended security flags for each partition. A question mark 
indicates that some software might not work if this flag is set. 

Mount Point    Mount Options 
/ 
/var           nosuid 
/tmp           nosuid 
/home          nosuid, nodev, noexec? 
/srv           nosuid?, nodev?, noexec?, ro? (after installation) 
/usr/local     nosuid?, nodev?, ro? (after installation) 

IMPORTANT: Proprietary software installations might fail if executables in /tmp cannot run as the 
file owner (suid), and devices might not work in /usr/local, etc. In such cases, remount those 
partitions temporarily with security deactivated. 
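
A check of an fstab file against the recommended flags above, as an added example that is not part of the Novell guide. It assumes the table lists no flags for / and assigns the five option sets to /var, /tmp, /home, /srv and /usr/local in that order; the names audit_fstab_flags and sample_fstab and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Novell guide): audit an fstab file against the
# "Security Flag Recommendations" table. Flags the guide marks with "?" are
# advisory because some software might not work with them.

# mount point : flags without "?" : flags with "?"
# Assumption: "/" carries no recommended flags in the table.
RECOMMENDED='/var:nosuid:
/tmp:nosuid:
/home:nosuid,nodev:noexec
/srv::nosuid,nodev,noexec,ro
/usr/local::nosuid,nodev,ro'

# Constructed sample input.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not taken from a real server
/dev/sda1  /boot  ext3  defaults               1 2
/dev/sda2  swap   swap  defaults               0 0
/dev/sda3  /      ext3  acl,user_xattr         1 1
/dev/sda5  /var   ext3  acl,user_xattr,nosuid  1 2
/dev/sda6  /tmp   ext3  defaults               1 2
/dev/sda7  /home  ext3  nosuid,nodev           1 2
EOF
}

# Prints one line per recommended mount point; returns 1 if a flag without
# "?" is missing, 0 otherwise.
audit_fstab_flags() {
    fstab=${1:-/etc/fstab}
    printf '%s\n' "$RECOMMENDED" | awk -F: -v fstab="$fstab" '
        # Comma-separated flags from "want" that are absent from "have".
        function missing(want, have,    w, h, i, j, nw, nh, found, out) {
            nw = split(want, w, ","); nh = split(have, h, ","); out = ""
            for (i = 1; i <= nw; i++) {
                found = 0
                for (j = 1; j <= nh; j++) if (h[j] == w[i]) found = 1
                if (!found) out = out (out == "" ? "" : ",") w[i]
            }
            return out
        }
        $1 != "" { mp[++n] = $1; req[$1] = $2; opt[$1] = $3 }
        END {
            # Field 2 of an fstab entry is the mount point, field 4 the options.
            while ((getline line < fstab) > 0) {
                sub(/^[ \t]+/, "", line)
                if (line == "" || line ~ /^#/) continue
                split(line, f, /[ \t]+/)
                opts[f[2]] = f[4]; mounted[f[2]] = 1
            }
            close(fstab)
            for (i = 1; i <= n; i++) {
                m = mp[i]
                if (!(m in mounted)) { print "SKIP " m " is not a separate mount"; continue }
                r = missing(req[m], opts[m]); o = missing(opt[m], opts[m])
                if (r != "") { print "FAIL " m " lacks " r; bad = 1 }
                if (o != "") print "NOTE " m " could add " o
                if (r == "" && o == "") print "OK   " m
            }
            exit (bad ? 1 : 0)
        }'
}

# Run "sh thisfile --demo" to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_fstab > "$tmp"
    audit_fstab_flags "$tmp"; rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```

A NOTE line corresponds to a flag the guide marks with a question mark, so treat it as something to test against the installed software rather than a finding.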


Partitioning X86 Machines 


+ There can be a maximum of four primary partitions or three primary partitions and one extended 
partition. An extended partition can hold 15 (SCSI) or 63 (IDE) logical partitions. 

+ Each partition is assigned a partition type, depending on the file system planned for the partition. 

+ Each partition holds its own file system. 

+ Partitions are mounted into the file system tree at mount points. The content of the partition is 
visible to users with sufficient access privileges below the mount point. 

+ One of the partitions must hold the root (/) file system. Other partitions can be integrated into the 
root file system by using the mount command. 

+ The /etc/fstab file holds partition and mount point information to allow automatic mounting at 
boot time. 

+ Device files in the “device” (/dev) partition are used to represent and address partitions; for 
example: 

    /dev/hda     Master disk on the first IDE channel 
    /dev/hda1    First primary partition on the IDE channel disk 
    /dev/hda5    First logical partition within the extended partition on that disk 
    /dev/sdb     Second SCSI disk 
    /dev/sdb3    Third primary partition on the second SCSI disk 


Disk Partition Statistics 


Use the following commands to get information about system storage usage: 

df          Displays information about partitions 
df -h       Displays information in megabytes or gigabytes as applicable (human readable format) 
du          Displays disk usage 
du /dirA    Displays the size of each file and directory in dirA 
du -sh      Prints a summary of information in megabytes or gigabytes 


Combining Hard Disk Partitions 


+ Partitions from two or more hard disks can be combined by using the logical volume manager 
(LVM). 

+ Partitions (physical volumes) can be combined into a volume group, which in turn can be divided 
into logical volumes that contain their own file systems. 


Doing this increases flexibility because physical volumes can be easily added to the volume group if 
more storage space is needed. Logical volumes can be added while the machine is up and running. 


3.7.2 Customizing the Software Selections 


IMPORTANT: To install any of the OES patterns, you must customize the software selections. If you 
don’t make any selections, only the base SLES 11 SP4 and the base OES packages are installed. 
However, you can install any of the patterns after the base SLES 11 SP4 installation is complete. See 
“Installing or Configuring OES 2015 SP1 on an Existing Server” on page 109. 


To customize which software packages are installed on the server: 


1 On the Installation Settings page, click Software. 


The Open Enterprise Server add-on adds the OES Services category of patterns to the base 
software selection categories offered by the SLES 11 SP4 installation. OES Services include 
patterns that contain Novell services or products such as Novell DNS and DHCP services, iPrint, 
or iManager. 


None of the OES Services is selected by default. This lets you fully customize your OES server. 
2 At this point, you can do the following to customize your software selections: 


+ Select OES Services: You can select any number of the OES Services patterns as long as 
you avoid unsupported service combinations (See “Unsupported Service Combinations” in 
the OES 2015 SP1: Planning and Implementation Guide). 


A description of each pattern displays to the right of the pattern when it is selected. For a 
description of OES Services patterns and the components selected with each pattern, see 
Table 2-5 on page 29. 


You can manually change the default SLES selections by changing the install status and 
selecting the patterns offered in each category. 


IMPORTANT: If you deselect a pattern after selecting it, you are instructing the installation 
program to not install that pattern and all of its dependent patterns. Rather than deselecting a 
pattern, click Cancel to cancel your software selections, then click the Software heading 
again to choose your selections again. 


Selecting only the patterns that you want to install ensures that the patterns and their 
dependent patterns and packages are installed. 


If you click Accept and then return to the software pattern selection page, the selections that 
you made become your base selections and must be deselected if you want to remove 
them from the installation proposal. 


You must install at least one of the SLES Base Technologies patterns. 


Selecting a pattern automatically selects the other patterns that it depends on to complete 
the installation. 

+ Customize Your Selections: You can view the details of your selection and add or remove 
specific packages for the installation by clicking Details. 




3 When you have selected the software components that you want to install, click Accept. 

4 If you are prompted with the license agreement for Professional TrueType Fonts, click Accept. 
5 (Conditional) If the prompt for Automatic Changes displays, click Continue. 

6 (Conditional) If prompted, resolve any dependency conflicts. 


3.7.3 Accepting the Installation Settings 

1 Review the final Installation Summary page to ensure that you have all the Installation settings 
you desire. 


2 After you have changed all the Installation Settings as desired, click Accept. 
3 On the Confirm Installation page, click Install. 
The base installation settings are applied and the packages are installed. 


4 For installations using a network installation source, you can remove the network boot DVD 
(SLES 11 SP4 DVD 1) from the DVD drive. 


or 
For installations using a DVD installation source, leave the DVD in the DVD drive. 
5 After the server reboot, proceed with “Specifying Configuration Information” on page 55. 


3.8 Specifying Configuration Information 


When the server reboots, you are required to complete the following configuration information: 

+ Section 3.8.1, “Specifying the Password for the System Administrator “root”,” on page 55 
+ Section 3.8.2, “Specifying the Hostname and Domain Name,” on page 55 
+ Section 3.8.3, “Specifying Network Configuration Settings,” on page 56 
+ Section 3.8.4, “Testing the Connection to the Internet,” on page 59 
+ Section 3.8.5, “Specifying Novell Customer Center Configuration Settings,” on page 59 
+ Section 3.8.6, “Updating the Server Software,” on page 61 
+ Section 3.8.7, “Specifying Service Configuration Settings,” on page 63 
+ Section 3.8.8, “Typical and Custom OES Configuration,” on page 65 
+ Section 3.8.9, “Specifying LDAP Configuration Settings,” on page 67 
+ Section 3.8.10, “Specifying eDirectory Configuration Settings,” on page 69 
+ Section 3.8.11, “Configuring OES Services,” on page 77 
+ Section 3.8.12, “Configuration Guidelines for OES Services,” on page 78 


3.8.1 Specifying the Password for the System Administrator “root” 


In the Password for the System Administrator root page: 

1 Specify the password for the root administrator. 

For security reasons, the root user’s password should be at least five characters long and 
should contain a mixture of both uppercase and lowercase letters and numbers. Passwords are 
case sensitive. 

The default password length limit is 8 characters. The maximum possible length for passwords is 
72 characters. If you have a password longer than eight characters, click Expert Options > 
Blowfish > OK. 

2 Confirm the password. 

3 Click Next. 


3.8.2 Specifying the Hostname and Domain Name 

On the Hostname and Domain Name page: 

1 Specify the hostname associated with the IP address you have or will assign to the server. 

2 Specify the domain name for the server. 

3 Deselect Change Hostname via DHCP. 

4 Click Next. 


3.8.3 Specifying Network Configuration Settings 


On the Network Configuration page, you can change the configuration for the following, most of which 
do not apply in an OES server installation scenario: 

+ Network Mode 
+ Firewall 
+ IPv6 
+ Network Interfaces 
+ DSL Connections 
+ ISDN Adapters 
+ Modems 
+ VNC Remote Administration 
+ Proxy 

In this section, we provide details only for the components that apply to OES servers. 

+ “Network Interface” on page 56 
+ “Firewall” on page 57 


Network Interface 


Configuration success is directly tied to specific networking configuration requirements. Ensure that 
the settings covered in the steps that follow are configured exactly as specified. 


Specify the setting for each network board on the server: 

1 On the Network Configuration page, click Network Interfaces. 

2 On the Network Card Configuration Overview page, select the network card you want to 
configure, then click Edit. 

3 Select Static Address Setup, then specify the IP address and the subnet mask for the interface. 
OES requires a static IP address. 

4 In the Detailed Settings list, select Hostname and Name Server. 

4a In the Name Servers and Domain Search List panel, specify from one to three DNS server 
IP addresses. 

4b Click OK to return to the Detailed Settings list. 

5 In the Detailed Settings list, select Routing. 

5a Specify the IP address of the default gateway on the subnet where you are installing the 
OES server. 

5b Click OK to return to the Detailed Settings list. 

6 Click Next to return to the Network Card Configuration Overview page. 

7 Complete Step 2 through Step 6 for each network board, then click Next to return to the main 
Network Configuration page. 


Firewall 


For security reasons, a firewall is started automatically on each configured interface. The 
configuration proposal for the firewall is updated automatically every time the configuration of the 
interfaces or services is modified. 


Many of the OES services require an open port in the firewall. Table 3-2 shows the ports that are 
automatically opened when each listed OES service is configured. 


Table 3-2 Open Enterprise Server Services and Ports 

Service                                 Default Ports 

Domain Services for Windows             + 1636 (LDAPS) 
                                        + 1389 (LDAP) 
                                        + 88 (Kerberos TCP and UDP) 
                                        + 135 (RPC Endpoint Manager TCP and UDP) 
                                        + 1024 - 65535 (RPC Dynamic Assignments TCP) 
                                        + 3268 (Global Catalog LDAP TCP) 
                                        + 3269 (Global Catalog LDAP over SSL TCP) 
                                        + 123 (Network Time Protocol UDP) 
                                        + 137 (NetBIOS Name Service TCP and UDP) 
                                        + 138 (NetBIOS Datagram Service TCP and UDP) 
                                        + 139 (NetBIOS Session Service TCP and UDP) 
                                        + 8025 (Domain Service Daemon TCP) 
                                        + 445 (Microsoft-DS traffic TCP and UDP) 

NetIQ eDirectory                        + 389 (LDAP) 
                                        + 636 (Secure LDAP) 

                                        IMPORTANT: The scripts that manage the common proxy 
                                        user require port 636 for secure LDAP communications. 

                                        + 8028 (HTTP for iMonitor) 
                                        + 8030 (secure HTTP for iMonitor) 
                                        + 524 (NCP) 

iManager                                + 80 (HTTP) 
                                        + 443 (secure HTTP) 

iPrint                                  + 80 (HTTP) 
                                        + 443 (secure HTTP) 
                                        + 631 (IPP) 

Novell Identity Translator              + 3268 
                                        + 389 

Novell AFP                              + 548 

Novell CIFS                             + 139 (Netbios) 
                                        + 445 (Microsoft-ds) 

Novell DHCP                             + 67 

Novell DNS                              + 953 (secure HTTP) 
                                        + 53 (TCP) 
                                        + 53 (UDP) 

Novell FTP                              + 21 

Novell Information Portal               + 80 (HTTP) 
                                        + 443 (secure HTTP) 

Novell NetWare Core Protocol (NCP)      + 524 

Novell Remote Manager                   + 8008 (HTTP) 
                                        + 8009 (secure HTTP) 

NURM                                    + 80 
                                        + 443 

SFCB                                    + 5988 (HTTP) 
                                        + 5989 (secure HTTP) 

Samba                                   + 139 (Netbios) 
                                        + 445 (Microsoft-ds) 

Secure Shell                            + 22 

Storage Management Services (Backup)    + 40193 (smdr daemon) 

Time Synchronization                    + 123 (Network Time Protocol UDP) 
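
The following Python check is an added example, not part of the Novell guide: it compares a server's listening sockets with the ports Table 3-2 lists for the services you configured. The `ss -tuln` sample is constructed, matching is by port number only because the table names a transport for only some entries, and the function names and report keys are this example's own.

```python
# Added example: audit listening sockets against Table 3-2 of this guide.
# Matching is by port number only, because the table names a transport for
# only some entries. A (low, high) tuple is a port range.
TABLE_3_2 = {
    "Domain Services for Windows": [1636, 1389, 88, 135, (1024, 65535), 3268,
                                    3269, 123, 137, 138, 139, 8025, 445],
    "NetIQ eDirectory": [389, 636, 8028, 8030, 524],
    "iManager": [80, 443],
    "iPrint": [80, 443, 631],
    "Novell Identity Translator": [3268, 389],
    "Novell AFP": [548],
    "Novell CIFS": [139, 445],
    "Novell DHCP": [67],
    "Novell DNS": [953, 53],
    "Novell FTP": [21],
    "Novell Information Portal": [80, 443],
    "Novell NetWare Core Protocol (NCP)": [524],
    "Novell Remote Manager": [8008, 8009],
    "NURM": [80, 443],
    "SFCB": [5988, 5989],
    "Samba": [139, 445],
    "Secure Shell": [22],
    "Storage Management Services (Backup)": [40193],
    "Time Synchronization": [123],
}

# Constructed sample in the layout printed by `ss -tuln` (not real output).
SAMPLE_SS = """\
Netid  State   Recv-Q Send-Q  Local Address:Port   Peer Address:Port
tcp    LISTEN  0      128     *:22                 *:*
tcp    LISTEN  0      128     *:389                *:*
tcp    LISTEN  0      128     *:636                *:*
tcp    LISTEN  0      128     :::636               :::*
tcp    LISTEN  0      128     *:524                *:*
tcp    LISTEN  0      128     *:8028               *:*
tcp    LISTEN  0      128     *:8030               *:*
tcp    LISTEN  0      128     *:5801               *:*
tcp    LISTEN  0      100     127.0.0.1:25         *:*
udp    UNCONN  0      0       *:123                *:*
udp    UNCONN  0      0       *:427                *:*
"""


def is_loopback(address):
    """True for addresses that are not reachable from the network."""
    return address.startswith("127.") or address in ("::1", "[::1]")


def parse_listeners(ss_output):
    """Return sorted unique (port, address) pairs from `ss -tuln` style text."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        # Data rows start with the transport; this skips the header and blanks.
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        address, _, port = fields[4].rpartition(":")
        if port.isdigit():
            found.add((int(port), address))
    return sorted(found)


def audit(services, ss_output):
    """Classify each network-facing listening port for the configured services."""
    unknown = [name for name in services if name not in TABLE_3_2]
    if unknown:
        raise ValueError("not in Table 3-2: " + ", ".join(unknown))
    exact, ranges = set(), []
    for name in services:
        for entry in TABLE_3_2[name]:
            if isinstance(entry, tuple):
                ranges.append(entry)
            else:
                exact.add(entry)
    seen = {port for port, addr in parse_listeners(ss_output)
            if not is_loopback(addr)}
    report = {"expected": [], "range_only": [], "unexpected": []}
    for port in sorted(seen):
        if port in exact:
            report["expected"].append(port)
        elif any(low <= port <= high for low, high in ranges):
            # Covered only by a wide range (RPC dynamic assignments), so the
            # table cannot tell a wanted listener from an unwanted one here.
            report["range_only"].append(port)
        else:
            report["unexpected"].append(port)
    # Ports the table lists for these services that have nothing bound.
    report["not_listening"] = sorted(exact - seen)
    return report


if __name__ == "__main__":
    configured = ["NetIQ eDirectory", "Secure Shell", "Time Synchronization"]
    for key, ports in audit(configured, SAMPLE_SS).items():
        print(f"{key}: {ports}")
```

Once Domain Services for Windows is in the configured list, its 1024 - 65535 range covers every high port, so listeners reported under `range_only` need a manual review rather than being treated as approved.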


To adapt the automatic settings to your own preferences: 


1 Click Change > Firewall. 


2 In the left panel, select the settings you want to change, then make the changes in the right 
panel. 


3 When you are finished, click Accept. 

For more information about the firewall, see “Configuring the Firewall with YaST” in the SUSE Linux 
Enterprise Server 11 Security Guide (http://www.suse.com/documentation/sles11/book_security/data/sec_fire_suse.html). 


To disable the firewall: 


1 On the Network Configuration page, under Firewall, click enabled on the Firewall is enabled 
status line. 
When the firewall is disabled, the status for Firewall should read Firewall is disabled. 


2 Verify that the settings on the Network Configuration page are set as desired, then click Next to 
save the configuration. Continue with “Testing the Connection to the Internet” on page 59. 


3.8.4 Testing the Connection to the Internet 


On the Test Internet Connection page: 


1 Select Yes, Test Connection to the Internet, then click Next. 


Obtaining the latest SUSE release notes might fail at this point. If it does, view the log to verify 
that the network configuration is correct, then click Next. 


If the network configuration is not correct, click Back > Back and fix your network configuration. 
See “Network Interface” on page 56. 


IMPORTANT: Do not skip this test. For a successful install, you must configure the Novell 
Customer Center and update SLES 11 SP4 from the patch repository before configuring OES 
services. 


2 Continue with “Specifying Novell Customer Center Configuration Settings” on page 59. 


3.8.5 Specifying Novell Customer Center Configuration Settings 


OES 2015 SP1 requires that the SLES 11 SP4 base be updated prior to installing and configuring 
OES 2015 SP1 services. If not, some OES services, such as Novell FTP, will not function properly 
after the installation and will need to be configured again after the SLES patches are applied. 


Therefore, when you are entering the Novell Customer Center configuration information, it is critical 
that you enter either your purchased SLES 11 SP4 code or the 60-day evaluation code available with 
your SLES 11 SP4 download. 


NOTE: Post January 2019, if a new OES 2015 SP1 server is installed, the message to import the 
keys is displayed during the registration of the server to the customer center. For more information, 
see Appendix C, “Importing New Build Keys to the Keyring,” on page 271. 


1 On the Novell Customer Center Configuration page, select all of the following 
options, then click Next. 

Option                        What it Does 

Configure Now                 Proceeds with registering this server and the SLES 11 SP4 and 
                              OES 2015 SP1 product in the Novell Customer Center. 

Hardware Profile              Sends the information to the Novell Customer Center about the 
                              hardware that you are installing SLES 11 SP4 and OES 2015 SP1 on. 

Optional Information          Sends optional information to the Novell Customer Center for your 
                              registration. For this release, this option doesn’t send any 
                              additional information. 

Registration Code             Makes the registration with activation codes mandatory. 

Regularly Synchronize with    Keeps the installation sources for this server valid. It does not 
the Customer Center           remove any installation sources that were manually added. 


2 After you click Next, the following message is displayed. 


Contacting server... 
This may take a while 

Wait until this message disappears and the Manual Interaction Required page displays. 


3 On the Manual Interaction Required page, note the information that you will be required to 
specify, then click Continue. 


4 On the Novell Customer Center Registration page, specify the required information in the 
following fields, then click Submit: 


Field                               Information to Specify 

Email Address                       The email address for your Novell Login account. 

Confirm Email Address               The same email address for your Novell Login account. 

SUSE Linux Enterprise Server 11     Specify your purchased or 60-day evaluation registration code 
SP4 (optional)                      for the SLES 11 SP4 product. 

                                    If you don’t specify a code, the server cannot receive any 
                                    updates or patches. 

Open Enterprise Server 2015 SP1     Specify your purchased or 60-day evaluation registration code 
(optional)                          for the OES 2015 SP1 product. 

                                    If you don’t specify a code, the server cannot receive any 
                                    updates or patches. 

System Name or Description          Specify a description to identify this server. 
(optional): 


5 When the message to complete the registration displays, click Continue. 


6 After you click Continue, the following message is displayed with the Manual Interaction 
Required screen. 


Contacting server... 
This may take a while 


Wait until this message disappears and the Novell Customer Center Configuration page 
displays. 


7 Select Configure Now to download any updates that are available for the server, then click Next. 


8 Continue with “Updating the Server Software” on page 61. 


3.8.6 Updating the Server Software 


When you have a successful connection to the Internet and have registered the server in the Novell 
Customer Center, the server displays the Online Update page. You must run the online update now 
for a successful OES installation. 


1 On the Online Updates page, click Run Update > Next. 


2 On the page that shows that updates are available, click Accept. 


The check marks that are shown on the summary portion of the page are the patches that will be 
installed on your system after clicking Accept. 




3 When you see the following message, click Next. 

[Figure: Patch Download and Installation page] 

4 In the pop-up that informs you about the kernel update, click OK. 

The system reboots before continuing the installation. 

5 Continue with “Specifying Service Configuration Settings” on page 63. 


3.8.7 Specifying Service Configuration Settings 


Because the server was rebooted during the installation, the default settings for CA management lost 
the root password as indicated by the red text under CA Management. 


1 Reset the password for root. 

[Figure: Network Services Configuration page showing the message “Unable to retrieve the system 
root password. Set a CA password to continue.”] 


2 Observe the settings on the Installation Settings page. 


+ CA Management: This indicates the certificate that is used by the Apache web server if 
another certificate is not specified. 


By default, OES creates and installs a replacement eDirectory certificate later in the 
installation process. We recommend that you accept the eDirectory certificate option 
because it is much more secure than the certificate that is proposed. 


Alternatively, you can install a third-party certificate. 


In all cases, do not disable the configuration at this point because the services that use 
Apache will not work if you do. 


For more information about OES certificate management, see “Certificate Management” in 
the OES 2015 SP1: Planning and Implementation Guide. 


+ OpenLDAP Server: Do not enable this option. On OES servers, NetIQ eDirectory LDAP 
server replaces the SLES 11 SP4 OpenLDAP server. 


3 If you are not installing a third-party certificate, click Next. 
or 


If you are installing a third-party certificate, click CA Management and refer to the information 
about Certificate Authority Management on SLES. See “Managing X.509 Certification” in 
the SUSE LINUX Enterprise Server 11 Security Guide (http://www.suse.com/documentation/sles11/book_security/data/cha_security_yast_ca.html). 
Then return to these instructions to continue your OES installation. 

4 If you did not select the NetIQ eDirectory pattern for this server, continue with “Specifying LDAP 
Configuration Settings” on page 67. 


Otherwise, skip the next section and continue with “Specifying eDirectory Configuration Settings” 
on page 69. 


3.8.8 Typical and Custom OES Configuration 


Beginning with OES 2015 SP1, you can configure OES by using either of two methods: Typical 
Configuration or Custom Configuration. Typical Configuration, also called Express Install, installs 
OES 2015 SP1 with minimal user intervention. Custom Configuration is the usual, detailed 
method of configuring OES. 




Typical Configuration 


In the OES Configuration screen, if you have chosen to configure OES using Typical Configuration, 
you only need to provide the following minimum configuration details: 


+ SLP Server and SLP Scopes: In these fields, specify the host name or the IP address of the 
server where the SLP agent is running and the SLP scopes. If you don't enter any SLP details, 
multicast SLP mode is chosen by default. 

NOTE: If you would like to use the current server as the DA server, click Back and choose the 
custom configuration instead of typical configuration. 

+ NTP Time Server: Specify the IP address or the host name of the Network Time Protocol (NTP) 
server. 

+ New or Existing Tree: If you would like to configure OES using an existing eDirectory tree, 
choose Existing Tree; otherwise, choose New Tree. 

+ eDirectory Tree Name: Provide the eDirectory tree name. 

+ IP Address of an existing eDirectory Server with a replica: If you have chosen to configure 
OES using an existing tree, this field is enabled to provide the IP address of an existing 
eDirectory server. 

IMPORTANT: Ensure that you verify the status of the eDirectory tree using the Validate button. If 
the validation is unsuccessful, do not proceed further with the OES configuration until the 
eDirectory server is up and running. 

+ FDN of the tree administrator: Specify the fully distinguished name of the administrative user. 

+ Admin Password and Verify the Admin Password: In these two fields, specify the eDirectory 
administrative passwords. 

+ Enter Server Context: Specify the location of the server context in the eDirectory tree. 

After providing all these details, click Next. OES will be installed and configured without any user 
intervention. 




Custom Configuration 

This is the normal method of installing and configuring OES by providing every configuration detail 
that OES requires instead of using the default configuration details. Custom configuration is 
explained in detail in Section 3.8.9, “Specifying LDAP Configuration Settings,” on page 67, 
Section 3.8.10, “Specifying eDirectory Configuration Settings,” on page 69, Section 3.8.11, 
“Configuring OES Services,” on page 77, and Section 3.8.12, “Configuration Guidelines for OES 
Services,” on page 78. 


3.8.9 Specifying LDAP Configuration Settings 


Many of the OES services require eDirectory. If eDirectory was not selected as a product to install on 
this server but other OES services that do require LDAP services were installed, the LDAP 
Configuration service displays, so that you can complete the required information. 


To specify the required information on the Configured LDAP Server page: 

1 In the eDirectory Tree Name field, specify the name for the existing eDirectory tree that you are 
installing this server into. 

2 In the Admin Name and Context field, specify the name and context for user Admin in the 
existing tree. 

3 In the Admin Password Name field, specify a password for the Admin user in the existing tree. 

4 Add the LDAP servers that you want the services on this server to use. The servers that you add 
should hold the master or a read/write replica of eDirectory. Do the following for each server you 
want to add: 

4a Click Add. 

4b On the next page, specify the following information for the server to add, then click Add. 

+ IP address 
+ LDAP port and secure LDAP port 




5 When all of the LDAP servers that you want to specify are listed, click Next. 


6 Verify that the Novell Open Enterprise Server Configuration page displays the settings that you 
expected, then click Next. 

7 Continue with “Configuring OES Services” on page 77. 


3.8.10 Specifying eDirectory Configuration Settings 


When you specify the eDirectory configuration settings, you can specify information to create a new 
tree and install the server in that new tree, or you can install the server into an existing tree by 
specifying the information for it. Use the following instructions as applicable: 

+ “Specifying SLP Configuration Options” on page 69 
+ “Specifying Synchronizing Server Time Options” on page 70 
+ “Creating a New eDirectory Tree and Installing the Server in It” on page 71 
+ “Installing the Server into an Existing eDirectory Tree” on page 72 
+ “Selecting the NetIQ Modular Authentication Services (NMAS) Login Method” on page 74 
+ “Specifying OES Common Proxy User Information” on page 75 


Specifying SLP Configuration Options 


1 On the eDirectory Configuration - SLP page, specify the SLP options as desired. 


You have the following options for configuring SLP: 


+ Use Multicast to Access SLP: This option allows the server to request SLP information by 
using multicast packets. Use this in environments that have not established SLP DAs 
(Directory Agents). 

IMPORTANT: If you select this option, you must disable the firewall for SLP to work 
correctly. Multicast creates a significant amount of network traffic and can reduce network 
throughput. 

+ Configure SLP to use an existing Directory Agent: This option configures SLP to use an 
existing Directory Agent (DA) in your network. Use this in environments that have 
established SLP DAs. When you select this option, you configure the servers to use by 
adding or removing them from the SLP Directory Agent list. 

+ Configure as Directory Agent: This option configures this server as a Directory Agent 
(DA). This is useful if you plan to have more than three servers in the tree and want to set 
up SLP during the installation. 

    + DASyncReg: This option causes SLP, when it starts, to query the Directory Agents 
    listed under Configured SLP Directory Agents for their current lists of registered 
    services. It also causes the DA to share service registrations that it receives with the 
    other DAs in the SLP Directory Agent list. 

    + Backup SLP Registrations: This option causes SLP to back up the list of services 
    that are registered with this Directory Agent on the local disk. 

    + Backup Interval in Seconds: This specifies how often the list of registered services is 
    backed up. 

+ Service Location Protocols and Scope: This option configures the scopes that a user 
agent (UA) or service agent (SA) is allowed when making requests or when registering 
services, or specifies the scopes a directory agent (DA) must support. The default value is 
DEFAULT. Use commas to separate each scope. For example, net.slp.useScopes = 
myScope1,myScope2,myScope3. 

+ Configured SLP Directory Agents: This option lets you manage the list of hostname or IP 
addresses of one or more external servers on which an SLP Directory Agent is running. 


2 Click Next and confirm your selection if necessary, then continue with Selecting the NetIQ 
Modular Authentication Services (NMAS) Login Method. 


Specifying Synchronizing Server Time Options 
eDirectory requires that all OES servers are time-synchronized. 


1 On the eDirectory Configuration - NTP page, click Add. 


2 In the Time Server text box, specify the IP address or DNS hostname of an NTP server, then 
click Add. 


For the first server in a tree, we recommend specifying a reliable external time source. 


When you install multiple servers into the same eDirectory tree, ensure that all servers point to 
the same time source and not to the server holding the master replica. 


For servers joining a tree, specify the same external NTP time source that the tree is using, or 
specify the IP address of a configured time source in the tree. A time source in the tree should be 
running time services for 15 minutes or more before connecting to it; otherwise, the time 
synchronization request for the installation fails. 


3 If you want to use the server’s hardware clock, select Use Local Clock. 


For servers joining a tree, the installation does not let you proceed if you select this option. You 
must specify the same external NTP time source that the tree is using, or specify the IP address 
of a configured time source in the tree that has been running time services for 15 minutes or 
more. 


4 Continue with “Specifying SLP Configuration Options” on page 69. 


For more information on time synchronization, see “Implementing Time Synchronization” in the OES 
2015 SP1: Planning and Implementation Guide. 


Creating a New eDirectory Tree and Installing the Server in It 

1 On the eDirectory Configuration - New or Existing Tree page, select New Tree. 

2 In the eDirectory Tree Name field, specify a name for the eDirectory tree that you want to create. 


On OES servers, services that provide HTTPS connectivity are configured to use one of the 
following certificates: 


+ An eDirectory certificate issued by the Novell International Cryptographic Infrastructure 
(NICI) 


+ A third-party server certificate 
+ The YaST self-signed common server certificate created in Step 2 on page 64 


Self-signed certificates provide minimal security and limited trust. Unless you have invested 
in a third-party certificate, we recommend that you use the eDirectory certificates instead. 


By default, the Use eDirectory Certificates for HTTPS Services check box is selected. This 
means that the existing server certificate and key files (YaST or third-party) will be replaced with 
eDirectory server certificate and key files. 


The default YaST server certificate and key files are: 

+ Key file: /etc/ssl/servercerts/serverkey.pem 
+ Certificate file: /etc/ssl/servercerts/servercert.pem 

The eDirectory server certificate and key files are: 

+ Key file: /etc/ssl/servercerts/eDirkey.pem 
+ Certificate file: /etc/ssl/servercerts/eDircert.pem 


For more information, see “Certificate Management” in the OES 2015 SP1: Planning and 
Implementation Guide. 


3 On the eDirectory Configuration - New Tree Information page, specify the required information: 

+ The fully distinguished name and context for the user Admin on the existing server 
+ The password for user Admin on the existing server 

4 Click Next. 


5 On the eDirectory Configuration - Local Server Configuration page, specify the following 
information: 


+ The context for the server object in the eDirectory tree 
+ A location for the eDirectory database 


The default path is /var/opt/novell/eDirectory/data/dib, but you can use this option 
to change the location if you expect to have a large number of objects in your tree and if the 
current file system does not have sufficient space. 


+ The ports to use for servicing LDAP requests 


The default ports are 389 (non-secure) and 636 (Secure). 


IMPORTANT: The scripts that manage the common proxy user introduced in OES 2015 
require port 636 for secure LDAP communications. 


+ The ports to use for providing access to the iMonitor application 
The default ports are 8028 (non-secure) and 8030 (secure). 
6 Click Next. Then continue with “Specifying Synchronizing Server Time Options” on page 70. 
Installing the Server into an Existing eDirectory Tree 


1 On the eDirectory Configuration - New or Existing Tree page, select Existing Tree. 
2 In the eDirectory Tree Name field, specify a name for the eDirectory tree you want to join. 


[Screenshot: eDirectory Configuration - New or Existing Tree page, showing the New Tree and Existing Tree options, the eDirectory Tree Name field, and the Use eDirectory Certificates for HTTPS Services, Require TLS for Simple Binds with Password, Install SecretStore, and Enable NMAS-based login for LDAP check boxes] 


On OES servers, services that provide HTTPS connectivity are configured to use either of the 
following: 
+ An eDirectory certificate issued by the Novell International Cryptographic Infrastructure 
(NICI) 


+ The YaST self-signed common server certificate created in Step 2 on page 64 


Self-signed certificates provide minimal security and limited trust. We recommend that you 
use the eDirectory certificates instead. 


By default, the Use eDirectory Certificates for HTTPS Services check box is selected. This 
means that the existing YaST server certificate and key files will be replaced with eDirectory 
server certificate and key files. 


The default YaST server certificate and key files are: 

+ Key file: /etc/ssl/servercerts/serverkey.pem 

+ Certificate file: /etc/ssl/servercerts/servercert.pem 
The eDirectory server certificate and key files are: 

+ Key file: /etc/ssl/servercerts/eDirkey.pem 

+ Certificate file: /etc/ssl/servercerts/eDircert.pem 
For more information on certificate management, see “Certificate Management” in the OES 2015 
SP1: Planning and Implementation Guide. 
+ Select Enable NMAS-based login for LDAP authentication to enforce the use of a 
single-secure password for all Novell and partner products. The Secure Password Manager of the 
NMAS module manages this universal password implementation. 


3 On the eDirectory Configuration - Existing Tree Information page, specify the required 
information: 


[Screenshot: eDirectory Configuration - Existing Tree Information page] 


+ The IP address or the host name of an existing eDirectory server with a replica. 


IMPORTANT: Ensure that you verify the status of the eDirectory tree using the Validate 
button. If the validation is unsuccessful, do not proceed further with the OES configuration 
until the eDirectory server is up and running. 


+ The NCP port on the existing server 
+ The LDAP and secure LDAP port on the existing server 
+ The fully distinguished name and context for the user Admin on the existing server 
+ The password for user Admin on the existing server 
4 Click Next. 


5 On the eDirectory Configuration - Local Server Configuration page, specify the following 
information: 
[Screenshot: eDirectory Configuration - Local Server Configuration page] 


+ The context for the server object in the eDirectory tree 
+ A location for the eDirectory database 


The default path is /var/opt/novell/eDirectory/data/dib, but you can use this option 
to change the location if you expect to have a large number of objects in your tree and if the 
current file system does not have sufficient space. 


+ The ports to use for servicing LDAP requests 
The default ports are 389 (non-secure) and 636 (Secure). 


IMPORTANT: The scripts that manage the common proxy user introduced in OES 2015 
SP1 require port 636 for secure LDAP communications. 


+ The ports to use for providing access to the iMonitor application 
The default ports are 8028 (non-secure) and 8030 (secure). 
6 Click Next. Then continue with “Specifying Synchronizing Server Time Options” on page 70. 


Selecting the NetIQ Modular Authentication Services (NMAS) Login Method 


1 On the NetIQ Modular Authentication Services page, select all of the login methods you want to 
install. 


IMPORTANT: The NMAS client software must be installed on each client workstation where you 
want to use the NMAS login methods. The NMAS client software is included with the Novell 
Client software. 
The following methods are available: 


+ CertMutual: The Certificate Mutual login method implements the Simple Authentication and 
Security Layer (SASL) EXTERNAL mechanism, which uses SSL certificates to provide 
client authentication to eDirectory through LDAP. 


+ Challenge Response: The Challenge Response login method works with the Identity 
Manager password self-service process. This method allows either an administrator or a 
user to define a password challenge question and a response, which are saved in the 
password policy. Then, when users forget their passwords, they can reset their own 
passwords by providing the correct response to the challenge question. 


+ DIGEST-MD5: The Digest-MD5 login method implements the Simple Authentication and 
Security Layer (SASL) DIGEST-MD5 mechanism as a means of authenticating the user to 
eDirectory through LDAP. 


+ NDS: The NDS login method provides secure password challenge-response user 
authentication to eDirectory. This method is installed by default and supports the traditional 
NDS password when the NMAS client is in use. Reinstallation is necessary only if the NDS 
login method object has been removed from the directory. 


+ Simple Password: The Simple Password NMAS login method provides password 
authentication to eDirectory. The Simple Password is a more flexible but less secure 
alternative to the NDS password. Simple Passwords are stored in a secret store on the user 
object. 


+ SASL GSSAPI: The SASL GSSAPI login method implements the Generic Security 
Services Application Program Interface (GSSAPI) authentication. It uses the Simple 
Authentication and Security Layer (SASL), which enables users to authenticate to 
eDirectory through LDAP by using a Kerberos ticket. 


For more information about installing and configuring eDirectory, see “Installing or Upgrading 
NetIQ eDirectory on Linux” in the NetIQ eDirectory 8.8 SP8 Installation Guide. 


For more information on these login methods, see the online help and “Managing Login and 
Post-Login Methods and Sequences” in the Novell Modular Authentication Services 3.3.4 
Administration Guide. 


2 Click Next. Then continue with “Specifying OES Common Proxy User Information” on page 75. 


Specifying OES Common Proxy User Information 


For an OES service to run successfully, you need to use a separate proxy account to configure and 
manage each service. However, using multiple proxy user accounts means more overhead for the 
administrator. To avoid this overhead, the common proxy user has been introduced. Each node in a 
tree can have a common proxy user for all of its services. This enables administrators to configure 
and manage multiple services with just one proxy user. 


NOTE: Two nodes in a tree cannot have the same common proxy user. 


For information about this option, see “Common Proxy User” in the OES 2015 SP1: Planning and 
Implementation Guide. 


1 On the OES Common Proxy User Information page, specify the configuration settings for this 
user, then click Next. 
[Screenshot: eDirectory Configuration - OES Common Proxy User Information page, showing the Use Common Proxy User as default for OES Products check box, the OES Common Proxy User Context field, the OES Common Proxy User Password and Verify OES Common Proxy User Password fields, and the Assign Common Proxy Password Policy to Proxy User check box] 


+ Use Common Proxy User as Default for OES Products: Selecting this option configures 
the common proxy user for the following services: CIFS, DNS, DHCP, iFolder, NetStorage, 
and NCS. Optionally, you can specify that LUM uses it. 


+ OES Common Proxy User Name: For a host, the common proxy user's name is 
OESCommonProxy_hostname. You cannot specify any other name than what is given by the 
system. This restriction prevents possible use of the same common proxy user name 
across two or more nodes in a tree. For more information, see “Can I Change the Common 
Proxy User Name and Context?” in the OES 2015 SP1: Planning and Implementation 
Guide. 


+ OES Common Proxy User Context: Provide the FDN name of the container where the 
common proxy needs to be created. By default, this field is populated with the NCP server 
context. For example, ou=acap, o=novell, where ou is the organization unit, acap is the 
organization unit name, o is the organization, and novell is the new organization name. For 
an existing tree, click Browse and select the container where the Common Proxy User must 
be created. 


+ OES Common Proxy User Password: You can accept the default system-generated 
password or specify a new password for the common proxy user. 


NOTE: If you choose to provide your own password, it should conform to the policy that is in 
effect for the common proxy user. If the password contains single (') or double (") quotes, 
OES Configuration will fail. These characters have to be escaped by prefixing \. For 
example, to add a single quote, escape it as nove\'ll. The system-generated password will 
always be in conformance with the policy rules. 


+ Verify OES Common Proxy User Password: If you specified a different password, type 
the same password in this field. Otherwise, the system-generated password is automatically 
included. 


+ Assign Common Proxy Password Policy to Proxy User: The initial common proxy 
password policy is a simple password policy created with default rules. If desired, you can 
modify this policy after the installation to enforce stricter rules regarding password length, 
characters supported, expiration intervals, and so forth. 


IMPORTANT: We recommend against deselecting the Assign Common Proxy Password 
Policy to Proxy User option. If deselected, the common proxy user inherits the password policies 
of the container, which could lead to service failures. 


2 Continue with “Configuring OES Services” on page 77. 


Configuring OES Services 


After you complete the LDAP configuration or the eDirectory configuration, the Novell Open 
Enterprise Server Configuration summary page is displayed, showing all of the OES components that 
you installed and their configuration settings. 

1 Review the setting for each component. Click the component heading to change any settings. 


For help with specifying the configuration information for OES services, see the information in 
“Configuration Guidelines for OES Services” on page 78. 


2 When you are finished reviewing the settings for each component, click Next. 
3 When you confirm the OES component configurations, you might receive the following error: 
The proposal contains an error that must be resolved before continuing. 


If this error is displayed, check the summary list of configured products for any messages 
immediately below each product heading. These messages indicate products or services that 
need to be configured. If you are running the YaST graphical interface, the messages are red 
text. If you are using the YaST text-based interface, they are not red. 


For example, if you selected Linux User Management in connection with other OES products or 
services, you might see a message similar to the following: 


Linux User Management needs to be configured before you can continue or disable 
the configuration. 


If you see a message like this, do the following: 
3a On the summary page, click the heading for the component. 
3b Supply the missing information in each configuration page. 


When you specify the configuration information for OES services, see the information in 
“Configuration Guidelines for OES Services” on page 78, or if you are reading online, click a 
link below: 


+ AFP 
+ Backup/Storage Management Services (SMS) 
+ CIFS 
+ Clustering (NCS) 
+ DHCP 
+ DNS 
+ Domain Services for Windows (DSfW) 
+ eDirectory 
+ FTP 
+ iFolder 
+ iManager 
+ Print 
+ Linux User Management (LUM) 
+ NCP Server/Dynamic Storage Technology 
+ NetStorage 
+ Pre-Migration Server 
+ Novell Remote Manager (NRM) 
+ Novell Samba 
+ Novell Storage Services 
+ NSS Active Directory Support 


When you have finished the configuration of a component, you are returned to the Novell 
Open Enterprise Server Configuration summary page. 


3c If you want to skip the configuration of a specific component and configure it later, click 
Enabled in the Configure is enabled status to change the status to Reconfigure is disabled. 


If you change the status to Reconfigure is disabled, you need to configure the OES 
components after the installation is complete. See “Installing or Configuring OES 2015 SP1 
on an Existing Server” on page 109. 


4 After resolving all product configuration issues, click Next to proceed with the configuration of all 
components. 


5 When the configuration is complete, continue with Section 3.9, “Finishing the Installation,” on 
page 107. 
+ “Service Configuration Caveats” on page 79 
+ “LDAP Configuration for Open Enterprise Services” on page 80 
+ “Novell AFP Services” on page 81 
+ “Novell Backup/Storage Management Services (SMS)” on page 81 
+ “Novell CIFS for Linux” on page 82 
+ “Novell Cluster Services” on page 83 
+ “Novell DHCP Services” on page 85 
+ “Novell DNS Services” on page 87 
+ “Novell Domain Services for Windows” on page 89 
+ “NetIQ eDirectory Services” on page 89 
+ “Novell FTP Services” on page 94 
+ “Novell iFolder” on page 94 
+ “Novell iManager” on page 99 
+ “Novell iPrint” on page 100 
+ “Novell Linux User Management” on page 100 
+ “Novell NCP Server / Dynamic Storage Technology” on page 102 
+ “Novell NetStorage” on page 102 
+ “Novell Pre-Migration Server” on page 103 
+ “Novell Remote Manager” on page 103 
+ “Novell Samba” on page 103 
+ “Novell Storage Services (NSS)” on page 105 
+ “NSS Active Directory Support” on page 106 
+ “Deprecated Services: Archive and Version Services and QuickFinder” on page 106 


NOTE: Beginning with OES 2015 SP1, Archive and Version Services (AV) and QuickFinder services 
are not included. New installations of OES 2015 SP1 will not include patterns to install these 
components. 


If you are upgrading to OES 2015 SP1 from an earlier OES server (one that includes these 
packages), the AV and QuickFinder packages and the associated data will not be accessible on the 
OES 2015 SP1 server. However, the iManager plug-ins for AV and QuickFinder are still available in 
the OES 2015 SP1 package, and you can use them to manage servers prior to OES 2015 SP1. 


Service Configuration Caveats 


Keep the following items in mind as you configure OES 2015 SP1: 

Table 3-3 Caveats for Configuring OES Services 


Issue: Software Selections When Using Text-Based YaST 

Guideline: Some older machines, such as a Dell 1300, use the text mode install by default when the 
video card does not meet SLES 11 SP4 specifications. When you go to the Software 
Selection, and then to the details of the OES software selections, YaST doesn’t bring up 
the OES selections like it does when you use the graphical YaST (YaST2). 

To view the Software Selection and System Task screen, select Filter > Pattern (or 
press Alt+F > Alt+l). 


Issue: Specifying a State Identifier for a Locality Class Object 

Guideline: If you specify a state identifier, such as California, Utah, or Karnataka, as a Locality 
Class object in your eDirectory tree hierarchy, ensure that you use the correct abbreviation in 
your LDAP (comma-delimited) or NDAP (period-delimited) syntax. 

When using LDAP syntax, use “st” to specify a state. For example: 

ou=example_organization, o=example_company, st=utah, c=us 

When using NDAP syntax, use “s” to specify a state. For example: 

ou=example_organization.o=example_company.s=utah.c=us 


Issue: Specifying Typeful Admin Names 

Guideline: When you install OES, you must specify a fully distinguished admin name by using the 
typeful, LDAP syntax that includes object type abbreviations (cn=, ou=, o=, etc.). For 
example, you might specify the following: 

cn=admin, ou=example_organization, o=example_company 


Issue: Using Dot-Delimited or Comma-Delimited Input for All Products 

Guideline: For all parameters requiring full contexts, you can separate the names by using 
comma-delimited syntax. Ensure that you are consistent in your usage within the field. 

The OES installation routine displays all input in the comma-delimited (LDAP) format. 
However, it converts the name separators to dots when this is required by individual 
product components. 

IMPORTANT: After the OES components are installed, be sure to follow the conventions 
specified in the documentation for each product. Some contexts must be specified using 
periods (.) and others using commas (,). However, eDirectory supports names like 
cn=juan\.garcia.ou=users.o=novell. The period (.) inside a name component must be 
escaped. 

When using NDAP format (dot), you must escape all embedded dots. For example: 
cn=admin.o=novell\.provo 

When using LDAP format (commas), you must escape all embedded commas. For 
example: cn=admin, o=novell\, provo 

The installation disallows a backslash and period (\.) in the CN portion of the admin 
name. 

For example, these names are supported: 

cn=admin.o=novell 
cn=admin.o=novell\.provo 
cn=admin.ou=deployment\.linux.o=novell\.provo 

These names are not supported: 

cn=admin\.first.o=novell 
cn=admin\.root.o=novell 

Before LUM-enabling users whose cn contains a period (.), you must remove the 
backslash (\) from the unique_id field of the User object container. 

For example, cn=juan.garcia has a unique_id attribute = juan\.garcia. Before such a user 
can be LUM-enabled, the backslash (\) must be removed from the unique_id attribute. 
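
The two name syntaxes and escaping rules from Table 3-3, as an added Python example (not code from this guide or from OES): it converts typeful names between comma-delimited (LDAP) and dot-delimited (NDAP) form and applies the installer's admin-name rule. All function names are hypothetical, the syntax auto-detection is a heuristic, and treating an embedded period in a comma-form CN as unsupported is an assumption.

```python
"""Convert and check eDirectory names in LDAP (comma) and NDAP (dot) syntax."""

# From the guide: a state is "st" in LDAP syntax and "s" in NDAP syntax.
LDAP_TO_NDAP_TYPE = {"st": "s"}
NDAP_TO_LDAP_TYPE = {v: k for k, v in LDAP_TO_NDAP_TYPE.items()}
SEPARATOR = {"ldap": ",", "ndap": "."}


def split_unescaped(text, sep):
    """Split text on sep, keeping backslash-escaped pairs (e.g. "\\.") intact."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts


def unescape(value):
    """Remove the backslash from every escaped pair."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            i += 1            # skip the backslash, keep the escaped character
        out.append(value[i])
        i += 1
    return "".join(out)


def detect_syntax(name):
    """Heuristic: an unescaped comma marks LDAP syntax; otherwise assume NDAP."""
    return "ldap" if len(split_unescaped(name, ",")) > 1 else "ndap"


def parse_name(name, syntax=None):
    """Return [(type, value), ...] with LDAP type names and unescaped values.

    Raises ValueError for typeless components and for fields that mix separators.
    """
    syntax = syntax or detect_syntax(name)
    rdns = []
    for part in split_unescaped(name, SEPARATOR[syntax]):
        attr, eq, raw = part.strip().partition("=")
        attr = attr.strip().lower()
        # Every component must be typeful ("cn=", "ou=", "o=", ...). A second
        # unescaped "=" means the other separator was used inside this field.
        if not eq or not attr.isalpha() or not raw.strip():
            raise ValueError(f"not a typeful component: {part!r}")
        if len(split_unescaped(raw, "=")) > 1:
            raise ValueError(f"mixed separators in: {part!r}")
        if syntax == "ndap":
            attr = NDAP_TO_LDAP_TYPE.get(attr, attr)
        rdns.append((attr, unescape(raw.strip())))
    return rdns


def format_name(rdns, syntax):
    """Render parsed components, escaping the separator of the target syntax."""
    sep = SEPARATOR[syntax]
    rendered = []
    for attr, value in rdns:
        if syntax == "ndap":
            attr = LDAP_TO_NDAP_TYPE.get(attr, attr)
        escaped = "".join("\\" + c if c in ("\\", "=", sep) else c for c in value)
        rendered.append(f"{attr}={escaped}")
    return sep.join(rendered)


def convert(name, target, source=None):
    """Convert a typeful name to the target syntax ("ldap" or "ndap")."""
    return format_name(parse_name(name, source), target)


def admin_name_supported(name, syntax=None):
    """Installer rule from the guide: typeful name, and no "\\." in the CN portion.

    Assumption: a CN with an embedded period is rejected in comma form too,
    because rendering it dot-delimited produces the disallowed "\\.".
    """
    try:
        attr, value = parse_name(name, syntax)[0]
    except ValueError:
        return False
    return attr == "cn" and "." not in value


if __name__ == "__main__":
    # Sample inputs taken from the guide's own examples.
    print(convert("ou=example_organization, o=example_company, st=utah, c=us", "ndap"))
    print(convert("cn=juan.garcia,ou=users,o=novell", "ndap"))
    for candidate in ("cn=admin.o=novell\\.provo", "cn=admin\\.root.o=novell"):
        print(candidate, admin_name_supported(candidate))
```

Pass the source syntax explicitly when a dot-delimited name contains commas inside a value, because the auto-detection treats any unescaped comma as an LDAP separator.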


LDAP Configuration for Open Enterprise Services 
Table 3-4 LDAP Configuration for Open Enterprise Services Values 


Page and Parameters 


Configured LDAP Servers 


+ eDirectory Tree Name: The eDirectory tree name that you specified when configuring eDirectory. 
The tree that you are installing this server into. 


+ Admin Name and Context: The eDirectory Admin name you specified when configuring 
eDirectory. 


+ Admin Password: The password of the eDirectory Admin user. 


+ Configured LDAP Servers: You can specify a list of servers that can be used to configure other 
OES services on this server. 


Each added server must have either the master or a read/write replica of the eDirectory tree. The 
first server added to the list becomes the default server for the installed and configured OES 
services to use. 


For each server you must specify an IP Address, LDAP Port, Secure LDAP Port, and Server Type. 


For information about specifying multiple LDAP servers for Linux User Management (LUM), see 
“Configuring a Failover Mechanism” in the OES 2015 SP1: Linux User Management Administration 
Guide. 


Default: The eDirectory server you specified when configuring eDirectory. 


Novell AFP Services 
Table 3-5 Novell Apple Filing Protocol Parameters and Values 


Page and Parameters 


AFP Configuration - Mac Client Access to NSS Volumes 


+ Directory Server Address: The IP address of the eDirectory server. 


+ Proxy user name with context: Specify the FQDN of the eDirectory containers that contain AFP 
users, for example ou=afp_users.o=novell. In an existing tree, you can select the context using 
Browse. 


For additional configuration instructions, see “Installing and Setting Up AFP” in the OES 2015 SP1: 
Novell AFP for Linux Administration Guide. 


Novell Backup/Storage Management Services (SMS) 
Table 3-6 Novell Backup/Storage Management Services Parameters and Values 


Page and Parameters 


SMS Configuration 


+ Directory Server Address: If you do not want to use the default shown, select a different LDAP 
server in the list. 


If you are installing into an existing tree, ensure that the server you select has a master replica or 
read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using 
the LDAP Configuration for Open Enterprise Services dialog box. 


Default: The first server selected in the LDAP Configuration list of servers. 


For additional configuration instructions, see “Installing and Configuring SMS” in the Installing and 
Configuring SMS guide. 
Novell CIFS for Linux 


Table 3-7 Novell CIFS Parameters and Values 


Page and Parameters 


Novell CIFS Service Configuration 


+ eDirectory server address or host name: Leave the default or select from the drop-down list to 
change to a different server. 


+ LDAP port for CIFS Server: Displays the port value. 


+ Local NCP Server context: Displays the NCP Server context. 


+ CIFS Proxy User 


+ Use existing user as CIFS Proxy User: Select this option to use an existing proxy user for 
the CIFS service. 


If you specified the server’s common proxy user, this option is selected. 


+ Create a new CIFS Proxy User: Select this option to create a new proxy user for the CIFS 
service. 


+ CIFS Proxy User Name: Specify the FQDN (fully qualified distinguished name) of the CIFS 
proxy user. 


For example: cn=user, o=novell 


NOTE: This user is granted rights to read the passwords of any users, including non-CIFS 
users, that are governed by any of the password policies you select in the Novell CIFS 
Service Configuration page. 


+ CIFS Proxy User Password: Specify a password for the CIFS proxy user to use when 
authenticating to the CIFS server, and verify the password if you are specifying an existing 
proxy user. 


For more information on proxy user and password management, see “Planning Your Proxy 
Users” in the OES 2015 SP1: Planning and Implementation Guide. 


+ Credential Storage Location: Accept CASA or specify the Local File option. 
The CIFS proxy user password is encrypted and encoded in the credential storage location. 
Default: CASA 
Novell CIFS Service Configuration (2) 


+ eDirectory Contexts: Provide a list of contexts that are searched when the CIFS User enters a 
user name. The server searches each context in the list until it finds the correct user object. 


For additional configuration instructions, see “Installing and Setting Up CIFS” in the OES 2015 SP1: 
Novell CIFS for Linux Administration Guide and the OES 2015 SP1: Novell AFP for Linux 
Administration Guide. 
Novell Cluster Services 
Table 3-8 Novell Cluster Services Parameters and Values 


Page and Parameters 


Before you configure a node for a Novell Cluster Services cluster, ensure that you have satisfied 
the prerequisites and have the necessary Administration rights described in “Planning for Novell 
Cluster Services” in the OES 2015 SP1: Novell Cluster Services for Linux Administration Guide. 


Novell Cluster Services (NCS) Configuration 


+ New or Existing Cluster: Specify whether the server is part of a new cluster or is joining an 
existing cluster. 


Default: Existing Cluster 


+ Directory Server Address: The IP addresses shown are the LDAP servers that are 
available for this service to use. The selected IP address is the default LDAP server for this 
service. 


Default: The local LDAP server. 


The LDAP servers that you select must have a master replica or a Read/Write replica of 
eDirectory. You can add, remove, or change the order of available LDAP servers for the node 
after the setup is complete by using the /opt/novell/ncs/install/ncs_install.py 
script. For more information, see “Changing the Administrator Credentials or LDAP Server IP 
Addresses for a Cluster” in the OES 2015 SP1: Novell Cluster Services for Linux 
Administration Guide. 


+ Cluster FDN: Browse to select an existing eDirectory context where the Cluster objects will 
be created. The fully distinguished name (FDN) of the cluster is automatically added to the 
field with a suggested cluster name. You can specify a different cluster name. 


You can also specify the typeful FDN for the cluster. Use the comma format illustrated in the 
example. Do not use dots. You must specify an existing context. Specifying a new context 
does not create a new context. 


Cluster names must be unique. You cannot create two clusters with the same name in the 
same eDirectory tree. Cluster names are case-sensitive on Linux. 


+ Cluster IP Address: If you are creating a new cluster, specify a unique IP address for the 
cluster. 


The cluster IP address is separate from the server IP address and is required to be on the 
same IP subnet as the other servers in the cluster. 


+ Storage Device With Shared Media: If you are creating a new cluster, select the device 
where the Split Brain Detector (SBD) partition will be created. 


An SBD is required if you plan to use shared disks in the cluster. The drop-down menu 
shows only devices that have been initialized and shared. If a device is not available, accept 
the default (none). You must create the SBD manually before adding a second server to the 
cluster. 


Default: none 


+ Optional Device for Mirrored Partitions: If you want to mirror the SBD partition for greater 
fault tolerance, select the device where you want the mirror to be. You can also mirror SBD 
partitions after installing Novell Cluster Services. 


Default: none 




+ Desired Partition Size of the Shared Media: Specify the size in MB (megabytes) of the 
SBD partition, or select Use Maximum Size to use the entire shared device. We recommend 
at least 20 MB for the SBD partition. If you specified a device to mirror the partition, the 
setting is also applied to the mirror. 


Default: 8 


Novell Cluster Services (NCS) Proxy User Configuration (2) 


Specify one of the following users as the NCS Proxy user. 


+ OES Common Proxy User: If the OES common proxy User is enabled in eDirectory, the 
Use OES Common Proxy User check box is automatically selected and the NCS Proxy 
User Name and Specify NCS Proxy User Password fields are populated with the 
credentials of the OES common proxy User. 


+ LDAP Admin User: If the OES common proxy User is disabled in eDirectory, the Use OES 
Common Proxy User check box is automatically deselected and the NCS Proxy User 
Name and Specify NCS Proxy User Password fields are populated with the credentials of 
the LDAP Admin user. The fields are also automatically populated with the LDAP Admin 
credentials if you deselect the Use OES Common Proxy User check box. 


+ Another Administrator User: Deselect the Use OES Common Proxy User check box, 
then specify the credentials of an administrator user. 


Novell Cluster Services (NCS) Configuration (3) 


+ Name of This Node: This is the hostname of the server. 


+ IP Address of this Node: This field contains the IP address of this node. If this server has 
multiple IP addresses, you can change the default address to another value if desired. 


+ Start Cluster Services Now: Select this box if you want clustering to start now. If you want 
clustering to start after rebooting, or if you want to manually start it later, deselect this box. 


This option applies only to installing Novell Cluster Services after the OES installation 
because it starts automatically when the server initializes during the installation. 


If you choose to not start Novell Cluster Services software, you need to either manually start 
it after the installation, or reboot the cluster server to automatically start it. 


You can manually start Novell Cluster Services by going to the /etc/init.d directory and 
entering ./novell-ncs start at the server console of the cluster server. 


Default: Selected 


For additional instructions, see the OES 2015 SP1: Novell Cluster Services for Linux Administration 
Guide. 
Novell DHCP Services Configuration 


+ DHCP Server Context: Specify a context for the DHCP Server object. 


Default: o=example 


+ DHCP Server Object Name: Specify the name of the Server object that these DHCP services will 
be running on. 


This is the DHCP server object that contains a list of DHCP Services (configuration) served by the 
DHCP Server. 


Default: DHCP_example_server 


+ Common DHCP Configuration Object Contexts 
+ Locator Object: Specify the context for the DHCP Locator object. 
The DHCP Locator object has references to dhcpServer and dhcpService objects. 
+ Group Context: Specify the context for the DHCP Group object. 


This object is used to grant the necessary rights to the eDirectory user used by the DHCP 
server to access the DHCP objects. 


Default: o=example 


+ Log File Location: Specify the path and file name for the DHCP server to dump the configurations 
it reads from eDirectory. Specify the path manually or click Browse to locate the log. 


Default: Usually /var/log/dhcp-ldap-startup.log 


+ LDAP Method 


+ Static: Select this option if you do not want the DHCP server to query the LDAP server for 
host details. 


+ Dynamic: Select this option if you want the DHCP server to query for host details from the 
LDAP server for every request. 


Selecting the dynamic LDAP method ensures that the responses you receive to queries are 
accurate, but the server takes a longer time to respond. 


Default: Static 


+ Referrals 


A referral is a message that the LDAP server sends to the LDAP client informing it that the server 
cannot provide complete results and that more data might be on another LDAP server. 


+ Chase Referral: Select this option if you want the DHCP server to follow referrals. 
+ Do Not Chase Referral: Select this option to ignore LDAP referrals. 


Default: Chase referral 


Novell DHCP LDAP and Secure Channel Configuration 
+ eDirectory Server Address or Host Name: The IP address shown is the default LDAP server for 
this service. If you do not want to use the default, select a different LDAP server in the list. 


If you are installing into an existing tree, ensure that the server you select has a master replica or 
read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using 
the LDAP Configuration for Open Enterprise Services dialog box. 


Default: The first server is selected in the LDAP Configuration list of servers. 


+ Use Secure Channel for Configuration: This option is selected by default. When you are
configuring DHCP services, it ensures that all configuration is transferred over a secure channel. 


Deselecting the option lets a user with fewer privileges configure LDAP services and allows 
configuration information to be transferred over a non-secure channel. 


Default: Selected 


+ LDAP User Name with Context: Specify a distinguished name and context for an LDAP user. For
example: cn=joe, o=novell. This user should be an eDirectory user that can access the DHCP
server.


During eDirectory configuration, if you have selected the Use Common Proxy User as default for
OES Products check box, then the proxy user and password fields are populated with the common
proxy user name and password.


Default: cn=OESCommonProxy_host name, o=novell 


+ LDAP User Password: Type a password for the LDAP user. 


+ LDAP Port for DHCP Server: Select a port for the LDAP operations to use. 


IMPORTANT: The scripts that manage the common proxy user introduced in OES 2015 require 
port 636 for secure LDAP communications. 


Default: 636 


+ Use Secure channel for DHCP Server: Selecting this option ensures that the data transferred
between the DHCP server and the LDAP server is secure and private. 


If you deselect this option, the data transferred is in clear text format. 


Default: Selected 
+ Certificates (optional)


+ Request Certificate: Specifies what checks to perform on a server certificate in an SSL/TLS
session. Select one of the following options:


+ Never: The server does not ask the client for a certificate. This is the default.


+ Allow: The server requests a client certificate, but if a certificate is not provided or a
wrong certificate is provided, the session still proceeds normally.


+ Try: The server requests the certificate. If none is provided, the session proceeds
normally. If a certificate is provided and it cannot be verified, the session is immediately
terminated.


+ Hard: The server requests a certificate. A valid certificate must be provided, or the 
session is immediately terminated. 


+ Paths to Certificate Files: Specify or browse the path for the certificate files. 
+ The LDAP CA file contains CA certificates. 
+ The LDAP client certificate contains the client certificate. 


+ The LDAP client key file contains the key file for the client certificate. 


Novell DHCP Services Interface Selection 


+ Network Boards for the Novell DHCP Server: From the available interfaces, select the network 
interfaces that the Novell DHCP server should listen to. 


For additional configuration instructions, see “Installing and Configuring DHCP” in the OES 2015
SP1: DNS/DHCP Services for Linux Administration Guide.
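
An added example, not part of this guide or of the OES code: a small audit of the DHCP server's LDAP settings described above (secure channel, port 636, Request Certificate level, CA file). It assumes the wizard's choices are stored as the `ldap-*` statements of ISC dhcpd's LDAP backend in dhcpd.conf, a mapping this guide does not state; the sample stanzas, host names and paths are constructed.

```python
import re

# One "ldap-*" statement per line: a quoted string or a bare token, ended by ';'.
# Quoted values may contain '#' or ';'. A trailing comment after the ';' is ignored,
# and a line that starts with '#' never matches.
DIRECTIVE = re.compile(r'^\s*(ldap-[a-z-]+)\s+("(?:[^"\\]|\\.)*"|[^;#\s]+)\s*;')

# Request Certificate levels that do not insist on a valid certificate,
# with the behaviour the guide describes for each.
REQCERT_GAPS = {
    "never": "no certificate is requested, so nothing is verified",
    "allow": "a missing or wrong certificate still lets the session proceed",
    "try": "the session still proceeds when no certificate is provided",
}
STRICT_REQCERT = {"hard", "demand"}  # 'demand' is the OpenLDAP synonym for 'hard'

# Constructed sample: secure channel deselected, plain LDAP port, default "Never".
SAMPLE_WEAK = """
# constructed sample, not taken from a real server
ldap-server "192.0.2.10";
ldap-port 389;
ldap-base-dn "o=example";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
ldap-ssl off;
ldap-tls-reqcert never;
"""

# Constructed sample: LDAPS on 636 with a required, verifiable certificate.
SAMPLE_HARDENED = """
ldap-server "ldap1.example.com";
ldap-port 636;
ldap-base-dn "o=example";
ldap-method static;
ldap-ssl ldaps;
ldap-tls-reqcert hard;
ldap-tls-ca-file "/etc/ssl/certs/constructed-ca.pem";
"""


def parse_ldap_directives(text):
    """Return {directive: value} for every ldap-* statement, quotes removed."""
    settings = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(2)
            if value.startswith('"'):
                value = value[1:-1]
            settings[m.group(1)] = value
    return settings


def audit(settings):
    """Return a list of (directive, message) findings; an empty list means no finding."""
    findings = []

    ssl = settings.get("ldap-ssl")
    if ssl is None:
        findings.append(("ldap-ssl", "not set; state the secure-channel choice explicitly"))
    elif ssl.lower() == "off":
        findings.append(("ldap-ssl", "secure channel off: DHCP-to-LDAP data is sent in clear text"))

    port = settings.get("ldap-port")
    if port != "636":
        findings.append(("ldap-port",
                         "port is %s; the common proxy user scripts require 636" % (port or "unset")))

    reqcert = settings.get("ldap-tls-reqcert")
    if reqcert is None:
        findings.append(("ldap-tls-reqcert", "not set; choose the certificate check explicitly"))
    elif reqcert.lower() in REQCERT_GAPS:
        findings.append(("ldap-tls-reqcert", "%s: %s" % (reqcert, REQCERT_GAPS[reqcert.lower()])))
    elif reqcert.lower() not in STRICT_REQCERT:
        findings.append(("ldap-tls-reqcert", "unrecognised level %r" % reqcert))
    elif not (settings.get("ldap-tls-ca-file") or settings.get("ldap-tls-ca-dir")):
        # A strict level needs a trust anchor to verify the certificate against.
        findings.append(("ldap-tls-ca-file", "strict check requested but no CA file or directory given"))

    return findings


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name)
        for directive, message in audit(parse_ldap_directives(text)) or [("ok", "no findings")]:
            print("  %-18s %s" % (directive, message))
```
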


Novell DNS Services 
Table 3-10 Novell DNS Services Parameters and Values 


Page and Parameters 


Novell DNS Configuration 
+ Directory server address: If you have specified multiple LDAP servers by using the LDAP
Configuration for Open Enterprise Services dialog box, you can select a different LDAP server than 
the first one in the list. 


If you are installing into an existing tree, ensure that the selected server has a master or read/write 
replica of eDirectory. 

Default: The first LDAP server in the LDAP Server Configuration dialog box. 

+ Local NCP Server Context: Specify a context for the local NCP Server object.

Default: The eDirectory context specified for this OES server. 


+ Use Secure LDAP Port: Selecting this option ensures that the data transferred by this service is
secure and private. 


If you deselect this option, the transferred data is in clear text format. 
Default: Selected 
+ Proxy User for DNS Management: Specify the FDN of the DNS proxy user.


An existing user must have eDirectory read, write, and browse rights under the specified context. If 
the user doesn't exist, it is created in the context specified. 


Default: If you specified a common proxy user, it is used by default. If you didn’t specify a common 
proxy user, the eDirectory Admin name and context that you specified when configuring eDirectory 
is specified. 


+ Specify Password for Proxy User: Specify the password for the DNS proxy user.


For more information on proxy user and password management, see “Planning Your Proxy Users” 
in the OES 2015 SP1: Planning and Implementation Guide. 


Default: The password that you specified for the OES server you are installing. 
+ Credential Storage Location: Specify where the DNS proxy user’s credentials are to be stored.


Default: For security reasons, the default and recommended method of credential storage is 
CASA. 
+ Common DNS Configuration Object and User Contexts:


+ Get Context and Proxy User Information from Existing DNS Server: Select this option if 
you are configuring DNS in an existing tree where DNS is already configured, and you want to 
use the existing Locator, Root Server Info, Group and Proxy User contexts. 


+ Existing Novell DNS Server Address: If you have enabled the previous option, you can 
type the IP address of an NCP server (must be up and running) that is hosting the existing 
DNS server. 


To automatically retrieve the contexts of the objects that follow, click Retrieve. 
If you do not want to use the retrieved contexts, you can change them manually. 


+ Novell DNS Services Locator Object Context: Specify the context for the DNS Locator 
object. 


The Locator object contains global defaults, DHCP options, and a list of all DNS and DHCP 
servers, subnets, and zones in the tree. 


Default: The context you specified for the OES server you are installing. 


+ Novell DNS Services Root Server Info Context: Specify the context for the DNS Services 
root server. 


The RootSrvrInfo Zone is an eDirectory container object that contains resource records for
the DNS root servers. 


Default: The context you specified for the OES server you are installing. 
+ Novell DNS Services Group Object Context: Specify the context for the DNS Group object. 


This object is used to grant DNS servers the necessary rights to other data within the 
eDirectory tree. 


Default: The context you specified for the OES server you are installing. 


+ Create DNS Server Object: Select this check box if you want to create the DNS server object in 
the eDirectory tree associated with the NCP server. 


+ Host Name: Type the unique host name for the DNS server object. 


+ Domain Name for the DNS Server: Type the domain name for the server object. 


For additional configuration instructions, see “Installing and Configuring DNS” in the OES 2015 SP1:
DNS/DHCP Services for Linux Administration Guide.


Novell Domain Services for Windows 
There are multiple configuration scenarios, depending on your deployment. For information, see
“Installing Domain Services for Windows” in the OES 2015 SP1: Domain Services for Windows
Administration Guide.


NetIQ eDirectory Services 


IMPORTANT: You specified the eDirectory configuration for this server in either “Specifying LDAP 
Configuration Settings” on page 67 or “Specifying eDirectory Configuration Settings” on page 69, and 
the settings you specified were extended to your OES service configurations by the OES install. 


If you change the eDirectory configuration at this point in the install, your modifications might or might 
not extend to the other OES services. For example, if you change the server context from o=example 
to ou=servers.o=example, the other service configurations might or might not reflect the change. 
Be sure to carefully check all of the service configuration summaries on the Novell Open Enterprise
Server Configuration summary screen. If any of the services don’t show the eDirectory change you 
made, click the service link and modify the configuration manually. Otherwise, your installation will 
fail. 


Table 3-11 NetIQ eDirectory Parameters and Values


Page and Parameters 


eDirectory Configuration - New or Existing Tree 


+ New or Existing Tree 
+ New Tree: Creates a new tree. 


Use this option if this is the first server to go into the tree or if this server requires a separate 
tree. Keep in mind that this server will have the master replica for the new tree, and that 
users must log in to this new tree to access its resources. 


+ Existing Tree: Incorporates this server into an existing eDirectory tree.


This server might not have a replica copied to it, depending on the tree configuration. For
details, see “Guidelines for Replicating Your Tree (https://www.netiq.com/documentation/edir88/edir88/data/a2iiie1.html)”
in the NetIQ eDirectory 8.8 Administration Guide
(https://www.netiq.com/documentation/edir88/edir88/data/bookinfo.htm).


Default: New Tree 


+ eDirectory Tree Name: Specify a unique name for the eDirectory tree you want to create or the 
name of the tree you want to install this server into. 


+ Use eDirectory Certificates for HTTPS Services: Selecting this option causes eDirectory 
to automatically back up the currently installed certificate and key files and replace them with 
files created by the eDirectory Organizational CA (or Tree CA). 


Most OES services that provide HTTPS connectivity are configured by default to use the
self-signed common server certificate created by YaST. Self-signed certificates provide minimal
security and limited trust, so you should consider using eDirectory certificates instead.


For all server installations, this option is enabled by default and is recommended for the 
increased security it provides. 


To prevent third-party CA certificates from being accidentally backed up and overwritten, 
deselect this option. 


For more information on certificate management and this option, see “Security” in the OES 
2015 SP1: Planning and Implementation Guide. 


+ Require TLS for Simple Binds with Password: Select this option to make connections 
encrypted in the Session layer. 


+ Install SecretStore: Select this option to install Novell SecretStore (SS), an
eDirectory-based security product.


eDirectory Configuration - New/Existing Tree Information 


+ IP Address of an Existing eDirectory Server with a Replica: Specify the IP address of a server 
with an eDirectory replica. 


This option appears only if you are joining an existing tree. 
+ NCP Port on the Existing Server: Specify the NCP port used by the eDirectory server you
specified. 


This option appears only if you are joining an existing tree. 


Default: 524 


+ LDAP and Secure LDAP Ports on the Existing Server: Specify the LDAP ports used by the 
eDirectory server you specified. 


This option appears only if you are joining an existing tree. 


IMPORTANT: The scripts that manage the common proxy user introduced in OES 2015 SP1 
require port 636 for secure LDAP communications. 


Default: 389 (LDAP), 636 (Secure LDAP) 


+ FDN Admin Name with Context: Specify the name of the administrative user for the new tree. 


This is the fully distinguished name of a User object that will be created with full administrative 
rights in the new directory. 


Default: The eDirectory Admin name and context that you specified when initially configuring 
eDirectory. 


+ Admin Password: Specify the eDirectory administrator's password. 


This is the password of the user specified in the prior field. 


+ Verify Admin Password: Retype the password to verify it. 


This option only appears if you are creating a new tree. 


eDirectory Configuration - Local Server Configuration 


+ Enter Server Context: Specify the location of the new server object in the eDirectory tree. 


+ Enter Directory Information Base (DIB) Location: Specify a location for the eDirectory
database. 


Default: The default path is /var/opt/novell/eDirectory/data/dib, but you can use this 
option to change the location if you expect the number of objects in your tree to be large and the 
current file system does not have sufficient space. 


+ Enter LDAP Port: Specify the LDAP port number this server will use to service LDAP requests. 


Default: 389 


+ Enter Secure LDAP Port: Specify the secure LDAP port number this server will use to service LDAP
requests. 


IMPORTANT: The scripts that manage the common proxy user introduced in OES 2015 SP1 
require port 636 for secure LDAP communications. 


Default: 636 
+ Enter iMonitor Port: Specify the port this server will use to provide access to the iMonitor
application. 


iMonitor lets you monitor and diagnose all servers in your eDirectory tree from any location on 
your network where a web browser is available. 


Default: 8028 


+ Enter Secure iMonitor Port: Specify the secure port this server will use to provide access to the 
iMonitor application. 


Default: 8030 


eDirectory Configuration - NTP and SLP 


+ Network Time Protocol (NTP) Server: Specify the IP address or DNS hostname of an NTP 
server. 


+ For the first server in a tree, we recommend specifying a reliable external time source.


+ For servers joining a tree, specify the same external NTP time source that the tree is using, 
or specify the IP address of a configured time source in the tree. A time source in the tree 
should be running time services for 15 minutes or more before connecting to it; otherwise, 
the time synchronization request for the installation fails. 


If the time source server is NetWare 5.0 or earlier, you must specify an alternate NTP time 
source, or the time synchronization request fails. For more information, see “Time Services” 
in the OES 2015 SP1: Planning and Implementation Guide. 


+ Use Local Clock: Alternatively, you can select Use Local Clock to designate the server’s 
hardware clock as the time source for your eDirectory tree. 


This is not recommended if there is a reliable external time source available. 


+ (SLP Options) 


+ Use Multicast to Access SLP: Allows the server to request SLP information by using 
multicast packets. Use this in environments that have not established SLP DAs (Directory 
Agents). 


IMPORTANT: If you select this option, you must disable the firewall for SLP to work correctly. 
Multicast creates a significant amount of network traffic and can reduce network throughput. 


+ Configure as Directory Agent: Configures this server as a Directory Agent (DA). This is 
useful if you plan to have more than three servers in the tree and want to set up SLP during 
the installation. 


+ DASyncReg: Causes SLP, when it starts, to query the Directory Agents listed under 
Configured SLP Directory Agents for their current lists of registered services. It also 
causes the DA to share service registrations that it receives with the other DAs in the 
SLP Directory Agent list. 


+ Backup SLP Registrations: Causes SLP to back up the list of services that are 
registered with this Directory Agent on the local disk. 


+ Backup Interval in Seconds: Specifies how often the list of registered services is 
backed up. 


+ Configure SLP to use an existing Directory Agent: Configures SLP to use an existing 
Directory Agent (DA) in your network. Use this in environments that have established SLP 
DAs. When you select this option, you configure the servers to use by adding or removing 
them from the SLP Directory Agent list. 
+ Service Location Protocols and Scope: Configures the scopes that a user agent (UA) or
service agent (SA) is allowed when making requests or when registering services, or specifies the 
scopes that a directory agent (DA) must support. The default value is DEFAULT. Use commas to 
separate each scope. For example, net.slp.useScopes = myScope1,myScope2,myScope3. 


This information is required when selecting the Use Multicast to Access SLP or Configure SLP 
to Use an Existing Directory Agent option. 


Default: Default 


+ Configured SLP Directory Agents: Lets you manage the list of host names or IP addresses of one
or more external servers on which an SLP Directory Agent is running.


It is enabled for input only when you configure SLP to use an existing Directory Agent. 


NetIQ Modular Authentication Services 


IMPORTANT: NMAS client software (included with Novell Client software) must be installed on each 
client workstation where you want to use the NMAS login methods. 


+ CertMutual: The Certificate Mutual login method implements the Simple Authentication and
Security Layer (SASL) EXTERNAL mechanism, which uses SSL certificates to provide client 
authentication to eDirectory through LDAP. 


+ Challenge Response: The Challenge-Response login method works with the Identity Manager
password self-service process. This method allows either an administrator or a user to define a 
password challenge question and a response, which are saved in the password policy. Then, 
when users forget their passwords, they can reset their own passwords by providing the correct 
response to the challenge question. 


+ DIGEST-MD5: The Digest MD5 login method implements the Simple Authentication and Security
Layer (SASL) DIGEST-MD5 mechanism as a means of authenticating the user to eDirectory 
through LDAP. 


+ NDS: The NDS login method provides secure password challenge-response user authentication
to eDirectory. This method supports the traditional NDS password when the NMAS client is in use. 
Reinstallation is necessary only if the NDS login method object has been removed from the 
directory. 


+ Simple Password: The Simple Password NMAS login method provides password authentication
to eDirectory. The Simple Password is a more flexible but less secure alternative to the NDS 
password. Simple Passwords are stored in a secret store on the user object. 


+ SASL GSSAPI: The SASL GSSAPI login method implements the Generic Security Services
Application Program Interface (GSSAPI) authentication by using the Simple Authentication and 
Security Layer (SASL) that enables users to authenticate to eDirectory through LDAP by using a 
Kerberos ticket. 


If you want to install all of the login methods into eDirectory, click Select All. 


If you want to clear all selections, click Deselect All. 


For more information on these login methods, see “Managing Login and Post-Login Methods and 
Sequences” in the Novell Modular Authentication Services 3.3.4 Administration Guide. 


Defaults: Challenge Response and NDS 


OES Common Proxy User Information 
+ Use Common Proxy User as Default for OES Products: Selecting this option configures the
specified common proxy user for the following services: CIFS, DNS, DHCP, iFolder, NetStorage, 
and NCS. Optionally, you can specify that LUM use it. 


+ OES Common Proxy User Name: By default, the common proxy user’s name is 
OESCommonProxy_hostname, but you can specify any name that fits your naming methodology. 


By default, the common proxy user is created in the container that you specify for the server 
object. 


You can specify a different container, but it must meet one of the following qualifications: 


+ New Tree Installation: The container must be included in either the path specified for the 
eDirectory Admin user or the path for Server object. 


+ Existing Tree Installation: The container must already exist in eDirectory.


IMPORTANT: You cannot create a new container by specifying a non-qualifying path. If you 
attempt this, the installation program will appear to proceed normally until the eDirectory 
Configuration (ndsconfig) runs. At that point the installation will fail with an Error creating 
Common Proxy User: 32 error, and you will need to install the server again. 


+ OES Common Proxy User Password: You can accept the default system-generated password 
or specify a new password for the common proxy user. 


+ Verify OES Common Proxy User Password: If you specified a different password, type the 
same password in this field. Otherwise, the system-generated password is automatically included. 


+ Assign Common Proxy Password Policy to Proxy User: The initial common proxy password 
policy is a simple password policy created with default rules. You can modify this policy after the 
installation to enforce stricter rules regarding password length, characters supported, expiration 
intervals, and so forth. 


For additional configuration instructions, see “Installing or Upgrading NetIQ eDirectory on Linux” in 
the NetIQ eDirectory 8.8 SP8 Installation Guide.


Novell FTP Services 


No additional configuration is required. 


Novell iFolder 


When you configure iFolder as part of the OES install and configuration, you can specify only an 
EXT3 or ReiserFS volume location for the System Store Path, which is where you store iFolder data 
for all your users. You cannot create NSS volumes during the system install. 


If you want to use an NSS volume to store iFolder data, you must reconfigure iFolder after the initial 
OES installation. To reconfigure, use Novell iManager to create an NSS volume, then go to YaST > 
Open Enterprise Server > Install and Configure Open Enterprise Services and select iFolder 3.9 to 
enter new information. All previous configuration information is removed and replaced. 


Table 3-12 Novell iFolder 3.9 Parameters and Values 


Page and Parameters 


Novell iFolder System Configuration Options 
+ iFolder Component to Be Configured


+ iFolder Server: Lets you configure the settings for the iFolder server that is the central
repository for storing user iFolders and synchronizing files for enterprise users. 


+ iFolder Web Admin: Lets you create and configure settings for the administrator user. 


The iFolder Admin user is the primary administrator of the iFolder Enterprise Server. The 
Web Admin server does not need to be configured on the iFolder Enterprise Server. Devoting 
a separate server to the Web Admin application improves the performance of the iFolder 
Enterprise Server by reducing the admin traffic. 


+ iFolder Web Access: Lets you configure the Web Access server, which is an interface that 
lets users have remote access to iFolders on the enterprise server. 


The Web Access server lets users perform all the operations equivalent to those of the
iFolder client by using a standard web browser.


The Web Access server does not need to be configured in the same iFolder Enterprise 
Server. Directing the user tasks to a separate server and thereby reducing the HTTP 
requests helps to improve the performance of the iFolder Enterprise Server. 


Default: All three items are selected. 


Novell iFolder System Configuration 


+ Name Used to Identify the iFolder System to Users: Specify a unique name to identify your 
iFolder Enterprise Server. 


Default: iFolder 


+ System Description (optional): Specify a descriptive label for your iFolder Enterprise Server to 
identify it to the users. 


Default: iFolder Enterprise System 


+ Path to Server's Data Files: Specify the case-sensitive address of the location where the iFolder 
Enterprise Server stores iFolder application files as well as the user iFolders and files. 


IMPORTANT: This location cannot be modified after iFolder is installed. 


Default: /var/simias/data/ 


+ Path to the Recovery Agent Certificates (optional): Specify the path to the recovery agent 
certificates that are used for recovering the encryption key. 


Default: /var/simias/data/simias 


Novell iFolder System Configuration (2) 


+ Name of iFolder Server: Specify a unique name to identify your iFolder Enterprise Server. For 
example: Host1. 


Default: The name of the OES server 


+ iFolder Public URL: Specify the public URL for users to reach the iFolder Enterprise Server. 


Default: The OES server’s IP address 


+ iFolder Private URL: Specify the private URL corresponding to the iFolder Enterprise Server to 
allow communication between the servers within the iFolder domain. The private URL and the 
public URL can be the same. 


Default: The OES server’s IP address 
+ Select SSL Option for iFolder: Select the SSL option you want to use to set up a secure
connection between the iFolder server and the iFolder clients.


There are three options for the channel for data transfer: SSL, Non SSL, and Both. However, 
authentication is always over SSL (not optional). 


+ Both: (default) This option lets you select a secure or a non-secure channel for
communication among the iFolder server, Web Admin server, Web Access server, and the 
clients. By default, these components use the HTTPS (secure) communication channel. 
However, all components can also be configured to use HTTP. 


+ Non SSL: Select this option to enable non-secure communication between the iFolder 
server, Web Admin server, Web Access server, and the clients. The iFolder uses the HTTP 
channel for communication. 


+ SSL: Select this option to enable a secure connection among the iFolder server, iFolder Web
Admin server, iFolder Web Access server, and the iFolder clients. The iFolder uses the 
HTTPS channel for communication. 


Default: Both 
+ iFolder Port to Listen On: Specify the port for the iFolder to listen on.


Default: 443 


+ Install into Existing iFolder Domain: Select this option when you want to attach to an existing
iFolder domain. 


If this option is not selected, this server becomes the Master iFolder server. 
Default: Deselected 


+ Private URL of the Master Server: Specify the private URL of the Master iFolder server that
holds the master iFolder data for synchronization to the current iFolder Enterprise Server. 


+ Configure LDAP Groups Plugin: Select this option to configure the LDAP Groups plug-in.


If this option is left unselected, iFolder does not have LDAP Group support enabled. 


Novell iFolder LDAP Configuration 


+ Directory server address: The IP address shown is the default LDAP server for this service. If
you do not want to use the default, select a different LDAP server in the list. 


If you need to add another eDirectory LDAP server to the list, use the LDAP Configuration for 
Open Enterprise Services dialog box. 


If you are installing into an existing tree, ensure that the server you select has a master replica or 
read/write replica of eDirectory. 


If you are installing into an existing tree, you must enter the password of an admin user in the tree. 


Default: The first server selected in the LDAP Configuration list of servers 
+ Use Alternate LDAP server: If you need to add another LDAP server to the list, select this option
and enter the following information:


+ Alternate Directory Server Address: Specify the host or IP address of the alternate LDAP 
server that iFolder will use. 


+ LDAP Port: Specify the LDAP port to use for this alternate server. 
+ LDAP Secure Port: Specify the LDAP secure port to use for this alternate server. 


+ Admin Name and Context: Specify the administrator name and context for the alternate 
LDAP server. 


+ Admin Password: Type the specified administrator’s password. 


Novell iFolder System Configuration 


+ The iFolder Default Administrator: Specify the user name for the default iFolder administrative
user. Use the full distinguished name of the iFolder administrative user.


Default: The eDirectory Admin user you specified while configuring eDirectory. 


+ iFolder Admin Password: Specify a password for the iFolder administrative user.


+ Verify iFolder Admin Password: Type the password for the iFolder administrative user again.


+ LDAP Proxy User: Specify the full distinguished name of the LDAP Proxy user.


This user must have the Read right to the LDAP service. This user is used to provision the users 
between iFolder Enterprise Server and the LDAP server. If it does not already exist, this user is 
created and granted the Read right to the root of the tree. The LDAP proxy user's domain name 
(DN) and password are stored by iFolder. 


Default: If you specified a common proxy user, it is used by default if possible. If you didn’t specify 
the common proxy user, a user object named iFolderProxy is created in the server context you 
specified. 


The common proxy user cannot be used if iFolder is running on a cluster node. If the NCS pattern 
is selected along with iFolder, this field will be populated with the iFolderProxy by default. 


+ LDAP Proxy User Password: Specify a password for the LDAP Proxy user.


For more information on proxy user and password management, see “Planning Your Proxy Users” 
in the OES 2015 SP1: Planning and Implementation Guide. 


Default: A system-generated password 


+ Verify LDAP Proxy User Password: Type the password for the LDAP Proxy user again.


+ LDAP Search Context: Click Add, then specify an LDAP tree context to be searched for users to
provision them in iFolder. For example, o=acme, o=acme2, or o=acme3.


If no context is specified, only the iFolder administrative user is provisioned for services during the 
install. 


Default: The server context you specified while configuring eDirectory. 
+ LDAP Naming Attribute: Select which LDAP attribute of the User account to apply when
authenticating users. This setting cannot be changed after the install. 


Each user enters a user name in this specified format at login time. Common Name (CN) is the 
default, and an email address (email) is the other option. 


For example, if a user named John Smith has a common name of jsmith and email of 
john.smith@example.com, this field determines whether the user enters jsmith or 
john.smith@example.com as the user name when logging in to the iFolder Enterprise Server. 


Default: Common Name (CN) 


+ Require a Secure Connection Between the LDAP server and the iFolder Server: If the LDAP 
server co-exists on the same computer as the iFolder Enterprise Server, you can deselect this 
option, which increases the performance of LDAP authentications. 


Default: Selected 


Novell iFolder Web Access Configuration 


+ An Apache Alias That Will Point to the iFolder Web Access Application: This is a
user-friendly pointer for the Apache service.


Default: /ifolder 


+ The Host or IP Address of the iFolder Server That Will Be Used by the iFolder Web Access 
Application: This Web Access application performs all the user-specific iFolder operations on the 
host that runs the iFolder Enterprise Server. 


Default: The IP address of the OES server you are installing 


+ Redirect URL for iChain/Access Gateway (optional): Specify the redirect URL for
iChain/Access Gateway that will be used by the iFolder Web Access application. This URL is used for the
proper logout of iChain/Access Gateway sessions along with the iFolder session. 


+ Connect to the iFolder Server Using SSL: Select the check box to establish a secure 
connection between the iFolder enterprise server and the iFolder Web Admin application. 


Default: Selected 


+ iFolder Server Port to Connect on: Specify the port for the iFolder server to connect to the Web 
Access application. 


Default: 443 (SSL communications), 80 (non-SSL communication) 


+ Require a secure connection between the web browser and the iFolder Web Access 
application: Select the check box to establish a secure connection between the web browser and 
the iFolder Web Access application. 


Default: Selected 


Novell iFolder Web Admin Configuration 


+ An Apache Alias That Will Point to the iFolder Web Admin Application: This is an admin- 
friendly pointer for the Apache service. 


Default: /admin 


+ The Host or IP Address of the iFolder Server That Will Be Used by the iFolder Web 
Application: The iFolder Web Admin application manages this host. 


Default: The IP address of the OES server you are installing 

+ Redirect URL for iChain/Access Gateway (optional): Specify the redirect URL for iChain/ 
Access Gateway that will be used by the iFolder Web Admin application. This URL is used for the 
proper logout of iChain/Access Gateway sessions along with the iFolder session. 


+ Connect to the iFolder Server Using SSL: Select the check box to establish a secure 
connection between the iFolder Enterprise Server and the iFolder Web Admin application. 


+ iFolder Server Port to Connect on: Specify the port for the iFolder server to connect to the Web 
Admin application. Port 443 is the default. Port 80 is the default value for non-SSL communication. 


+ Require a secure connection between the web browser and the iFolder Web Access 
application: Select the check box to establish a secure connection between the web browser and 
the iFolder Web Admin application. 


For additional configuration instructions, see “Installing and Configuring iFolder Services” in the 
Novell iFolder 3.9.2 Administration Guide. 


Novell iManager 
Table 3-13 Novell iManager Parameters and Values 


Page and Parameters 


iManager Configuration 


+ eDirectory Tree: Shows the name of a valid eDirectory tree that you specified when configuring 
eDirectory. 


To change this configuration, you must change the eDirectory configuration. 


+ FDN Admin Name with Context: Shows the eDirectory Admin name and context that you 
specified when configuring eDirectory. This is the user that has full administrative rights to 
perform operations in iManager. 


To change this configuration, you must change the eDirectory configuration. 


For additional configuration instructions, see “Installing iManager” in the NetIQ iManager Installation 
Guide. 

Novell iPrint 
Table 3-14 Novell iPrint Parameters and Values 


Page and Parameters 


iPrint Configuration 


+ Directory server address: The IP address shown is the default LDAP server for this 
service. If you do not want to use the default, select a different LDAP server in the list. 


If you are installing into an existing tree, ensure that the server you select has a master 
replica or read/write replica of eDirectory. If you need to add another LDAP server to the 
list, add it by using the LDAP Configuration for Open Enterprise Services dialog box. 


+ Top-Most Container of eDirectory Tree: iPrint uses LDAP to verify rights to perform 
various iPrint operations, including authenticating users for printing and performing 
management tasks such as uploading drivers. 


During the installation of the iPrint software, iPrint attempts to identify the topmost container 
of the eDirectory tree and sets the base dn to this container for the AuthLDAPURL entry in 
/etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf. 


For most installations, this is adequate because users are often distributed across 
containers. 


IMPORTANT: If you have multiple peer containers at the top of your eDirectory tree, leave 
this field blank so that the LDAP search begins at the root of the tree. 


For additional configuration instructions, see “Installing and Setting Up iPrint on Your Server” in the 
OES 2015 SP1: iPrint Linux Administration Guide. 


Novell Linux User Management 
Table 3-15 Novell Linux User Management Parameters and Values 


Page and Parameters 


Linux User Management Configuration 


+ Directory Server Address: The IP address shown is the default LDAP server for this service. If 
you do not want to use the default, select a different LDAP server in the list. 


If you are installing into an existing tree, ensure that the server you select has a master replica or 
read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using 
the LDAP Configuration for Open Enterprise Services dialog box. 


For information about specifying multiple LDAP servers for Linux User Management (LUM), see 
“Configuring a Failover Mechanism” in the OES 2015 SP1: Linux User Management 
Administration Guide. 


Default: The first server selected in the LDAP Configuration list of servers 

+ Unix Config Context: The UNIX Config object holds a list of the locations (contexts) of UNIX 
Workstation objects in eDirectory. It also controls the range of numbers to be assigned as UIDs 
and GIDs when User objects and Group objects are created. 


Specify the eDirectory context (existing or created here) where the UNIX Config object will be 
created. An LDAP search for a LUM User, a LUM Group, or a LUM Workstation object begins 
here, so the context must be at the same level or higher than the LUM objects searched for. 


If the UNIX Config Object is placed below the location of the User objects, the /etc/nam.conf 
file on the target computer must include the support-outside-base-context=yes parameter. 


Geographically dispersed networks might require multiple UNIX Config objects in a single tree, 
but most networks need only one UNIX Config object in eDirectory. 


Default: The server context specified in the eDirectory configuration 


+ Unix Workstation Context: Computers running Linux User Management (LUM) are 
represented by UNIX Workstation objects in eDirectory. The object holds the set of properties 
and information associated with the target computer, such as the target workstation name or a 
list of eDirectory groups that have access to the target workstation. 


Specify the eDirectory context (existing or created here) for the UNIX Workstation object created 
by the install for this server. The context should be the same as or below the UNIX Config 
Context specified above. 


Default: The context you specified for this OES server in the eDirectory configuration 


+ Proxy User Name with Context (Optional): If you specified a common proxy user, and you 
select the Use OES Common Proxy User option (below), it is used by default. If you didn’t 
specify a common proxy user, you can specify a user (existing or created here) with rights to 
search the LDAP tree for LUM objects. 


+ Proxy User Password: If you are using the common proxy user, the password is automatically 
entered for you. Otherwise, you can specify a password (existing or created here) for the Proxy 
user. 


For more information on proxy user and password management, see “Planning Your Proxy 
Users” in the OES 2015 SP1: Planning and Implementation Guide. 


+ Use OES Common Proxy User: Check this option if you specified a common proxy user and 
want to use it as the proxy user for LUM. 


+ Restrict Access to the Home Directories of Other Users: This option is selected by default to 
restrict read and write access for users other than the owner to home directories. 


Using the default selection changes the umask setting in /etc/login.defs from 022 to 077. 


Default: Selected 


Linux User Management Configuration (2) 

IMPORTANT: Before you change the PAM-enabled service settings, ensure that you understand the 
security implications explained in “User Restrictions: Some OES Limitations” in the OES 2015 SP1: 
Planning and Implementation Guide. 


+ Services to LUM-enable for authentication via eDirectory: Select the services to LUM-enable 
on this server. The services marked yes are available to authenticated LUM users. 

  + login: no 
  + ftp: no 
  + sshd: no 

    If you want to use the SSH protocol to define a NetStorage storage location object, you 
    must select SSHD as a LUM-enabled service. 

    If you do not select SSHD, users cannot log in to NetStorage through SSH to access their 
    files. 

  + su: no 
  + sfcbd: yes 

    This is selected by default because it is used by many of the OES services such as NSS, 
    SMS, Novell Remote Manager, and Samba. To access iManager and NRM, you must 
    enable SFCB. 

  + gdm: no 
  + gnome-screensaver: no 
  + gnomesu-pam: no 

For additional configuration instructions, see “Setting Up Linux User Management” in the OES 2015 
SP1: Linux User Management Administration Guide. 
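
One way to check two of the settings above after installation, as an added example that is not part of the OES guide: the script reads copies of /etc/login.defs and /etc/nam.conf and reports when the umask still leaves new directories open to other users, or when the UNIX Config context sits below the user context without support-outside-base-context=yes. The function names, the sample files and the o=example contexts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the OES guide. Audits copies of login.defs and
# nam.conf for two Linux User Management settings described in this section.

# Print the UMASK value from a login.defs-style file (last uncommented entry).
get_umask() {
    awk '$1 == "UMASK" { v = $2 } END { if (v != "") print v }' "$1"
}

# Print the mode a directory created under octal umask $1 receives (777 & ~umask).
dir_mode_for_umask() {
    case "$1" in ''|*[!0-7]*) return 1 ;; esac
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Succeed if nam.conf-style file $1 sets support-outside-base-context=yes.
has_outside_base_context() {
    grep -Eq '^[[:space:]]*support-outside-base-context[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Lower-case a typeful, comma-delimited context and drop spaces around commas.
norm_ctx() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# Succeed if context $1 sits strictly below context $2.
is_below() {
    child=$(norm_ctx "$1")
    parent=$(norm_ctx "$2")
    case "$child" in
        *,"$parent") return 0 ;;
        *) return 1 ;;
    esac
}

# audit_lum LOGIN_DEFS NAM_CONF UNIX_CONFIG_CONTEXT USER_CONTEXT
# Prints one FINDING line per problem and succeeds only when there are none.
audit_lum() {
    rc=0
    um=$(get_umask "$1")
    case "$um" in
        ''|*[!0-7]*)
            echo "FINDING: no usable UMASK entry in $1"; rc=1 ;;
        *)
            # 077 masks every group and other permission bit.
            if [ $(( 0$um & 077 )) -ne 63 ]; then
                echo "FINDING: UMASK $um creates directories with mode $(dir_mode_for_umask "$um")"
                rc=1
            fi ;;
    esac
    if is_below "$3" "$4" && ! has_outside_base_context "$2"; then
        echo "FINDING: UNIX Config context is below the user context, but $2 lacks support-outside-base-context=yes"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input: umask still 022, nam.conf without the parameter.
write_samples() {
    printf '# constructed sample\nUMASK           022\n' > "$1/login.defs"
    printf '# constructed sample: parameter not set\n' > "$1/nam.conf"
}

# Run the audit on the constructed samples with hypothetical contexts.
demo() {
    dir=$(mktemp -d) || return 0
    write_samples "$dir"
    audit_lum "$dir/login.defs" "$dir/nam.conf" \
        "ou=lum,ou=users,o=example" "ou=users,o=example" || true
    rm -rf "$dir"
}
demo
```

To check a live server, call audit_lum with /etc/login.defs, /etc/nam.conf and the two contexts chosen during installation.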


Novell NCP Server / Dynamic Storage Technology 


Table 3-16 Novell NCP Server Parameters and Values 


Page and Parameters 


NCP Server Configuration 


+ Admin Name with Context: The eDirectory Admin user you specified in the eDirectory 
configuration. 


For additional configuration instructions, see “Installing and Configuring NCP Server for Linux” in the 
OES 2015 SP1: NCP Server for Linux Administration Guide. 


Novell NetStorage 


Table 3-17 Novell NetStorage Parameters and Values 


Page and Parameters 


NetStorage Configuration 

+ Authentication Domain Host: The IP address shown is the default LDAP server for this service. 
If you do not want to use the default, select a different LDAP server in the list. 


If you are installing into an existing tree, ensure that the server you select has a master replica or 
read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using 
the LDAP Configuration for Open Enterprise Services page. 


Default: The first server selected in the LDAP Configuration list of servers. 


+ Proxy User Name with Context: Specify the proxy user name including the context, or accept 
the default. 


This user performs LDAP searches for users logging into NetStorage. 


Default: If you specified a common proxy user, it is used by default. If you didn’t specify a 
common proxy user, the eDirectory Admin name and context that you specified when configuring 
eDirectory is specified. 


+ Proxy User Password: Specify a password for the proxy user. 


For more information on proxy user and password management, see “Planning Your Proxy Users” 
in the OES 2015 SP1: Planning and Implementation Guide. 


+ User Context: Specify the NetStorage user context, or accept the default. 


This is the eDirectory context for the users that will use NetStorage. NetStorage searches the 
eDirectory tree down from the specified context for User objects. If you want NetStorage to search 
the entire eDirectory tree, specify the root context. 


Default: The Organization object you specified while configuring eDirectory 


For additional configuration instructions, see “Installing NetStorage” in the OES 2015 SP1: 
NetStorage Administration Guide for Linux. 


Novell Pre-Migration Server 


No additional configuration is required. For information, see “Preparing the Source Server for 
Migration” in the OES 2015 SP1: Migration Tool Administration Guide. 


Novell Remote Manager 


No additional configuration for the installation is required. To change the configuration after the 
installation, see “Changing the HTTPSTKD Configuration” in the OES 2015 SP1: Novell Remote 
Manager Administration Guide. 


Novell Samba 
Table 3-18 Novell Samba Parameters and Values 


Page and Parameters 


Novell Samba Configuration 

+ Directory server address: The IP address shown is the default LDAP server for this service. If 
you do not want to use the default, select a different LDAP server in the list. 


If you are installing into an existing tree, ensure that the server you select has a master replica or 
read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using 
the LDAP Configuration for Open Enterprise Services dialog box. 


This is the primary IP address of the LDAP server to which CIFS client users (such as Windows 
users) authenticate, to use LDAP for access to the directories and files on this OES server. 


Default: The first server selected in the LDAP Configuration list of servers. 


+ Base Context for Samba Users: The eDirectory context (existing or created here) where the 
default Samba group is created. 


Default: The eDirectory context where the server is installed. Do not change the default unless you 
are altering the standard Samba configuration. 


+ Proxy User Name with Context: A user on the specified LDAP server that has rights to search 
the LDAP tree for Samba users. 


The name and context must be specified by using typeful syntax. 
(cn=name,ou=organizational_unit,o=organization) 


Default: The eDirectory context where the server is installed. 


+ Proxy User Password: The password of the Proxy User specified above. 


For more information on proxy user and password management, see “Planning Your Proxy Users” 
in the OES 2015 SP1: Planning and Implementation Guide. 


For additional configuration instructions, see “Installing the Novell Samba Components” in the OES 
2015 SP1: Novell Samba Administration Guide. 

Novell Storage Services (NSS) 
Table 3-19 Novell Storage Services Parameters and Values 


Page and Parameters 


NSS Unique Admin Object 


+ Directory Server Address: The IP address shown is the default LDAP server for this service. If 
you do not want to use the default, select a different LDAP server in the list. 


If you are installing into an existing tree, ensure that the server you select has a master replica or 
read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using 
the LDAP Configuration for Open Enterprise Services dialog box. 


Default: The first server selected in the LDAP Configuration list of servers. 


+ Unique object Name for NSS Admin of This: Specify the NSS Admin name and context or 
accept the default. 


This is the fully distinguished name of a User object with administrative rights to NSS. You must 
have a unique NSS admin name for each server that uses NSS. 


For more information, see “Planning Your Proxy Users” in the OES 2015 SP1: Planning and 
Implementation Guide. 


Default: The server hostname concatenated with the LDAP Admin Name you entered for this 
server, cn=myserveradmin,o=organization. 


For additional configuration instructions, see “Installing and Configuring Novell Storage Services” in 
the OES 2015 SP1: NSS File System Administration Guide for Linux. 

NSS Active Directory Support 
Table 3-20 NSS Active Directory Support Parameters and Values 


Page and Parameters 


+ AD Domain Name: Specify the appropriate AD domain name. 


+ AD Supervisor Group: The AD supervisor group name. The AD users belonging to this 
group will have supervisory rights for all the volumes associated with that OES server. 


+ AD User Name: Specify the user name that can be used for the domain join operation. This 
user must have the following privileges: rights to reset password, create computer 
objects, delete computer objects, and read and write the msDs-supportedEncryptionTypes 
attribute. 


+ Password: Specify the appropriate password of the user who is used for the domain join 
operation. 


+ Container to Create Computer Object: You can specify the container under which the OES 
2015 computer object will be created. The default container is CN=Computers. If you have 
already created an OES 2015 computer object in Active Directory, select Use pre-created 
computer object, then specify the container name where the pre-created OES computer 
object exists. 


+ Novell Identity Translator (NIT) Configuration: NIT is used to manage the eDirectory and 
Active Directory user identities such as UID, GUID, SID, and user name. It maps those user 
identities and translates from one identity to another. For more information on NIT, see 
Section 7.5, “About Novell Identity Translator (NIT),” on page 175. 


If you want NIT to generate UIDs for AD users, select Generate UID for AD users, then 
specify the UID range. The default range is from 100000 to 200000. If you want NIT to fetch 
UIDs, do not select the Generate UID for AD users option. 


For additional configuration instructions, see Chapter 7, “Installing and Configuring NSS Active 
Directory Support,” on page 165. 


Deprecated Services: Archive and Version Services and QuickFinder 


Beginning with OES 2015, Archive and Version Services (AV) and QuickFinder services are not 
included. New installations of OES 2015 or later will not include patterns to install these components. 
If you are upgrading to OES 2015 or later from an earlier OES server (one that includes these 
packages), the AV and QuickFinder packages and the associated data will not be accessible on the 
OES 2015 or later server. 


However, the iManager plug-ins for AV and QuickFinder are still available in the OES 2015 or later 
package but are not installed by default. You can install these plug-ins from iManager to manage 
servers running releases prior to OES 2015. 

1. In iManager, select Configure > Plug-in Installation > Available Novell Plug-in Modules. 

2. Select the plug-ins, Archive Versioning and QuickFinder Server Management. 

3. Click Install to install the selected plug-ins. 

4. Restart tomcat for the changes to take effect. 


rcnovell-tomcat6 restart 

3.9 Finishing the Installation 


The installation concludes with the following steps: 


1. User Authentication Method 
2. Clean Up 
3. Release Notes 
4. Hardware Configuration 

After a successful configuration, YaST shows the Installation Completed dialog box. Do the following: 

1 (Optional) Select whether to clone your newly installed system for AutoYaST. To clone your 
system, select Clone This System for AutoYaST. 


The profile of the current system is stored in /root/autoinst.xml. Cloning is selected by 
default. 


AutoYaST is a system for automatically installing one or more SUSE Linux Enterprise systems 
without user intervention. AutoYaST installations are performed by using a control file with 
installation and configuration data. For detailed information, see Chapter 9, “Using AutoYaST to 
Install and Configure Multiple OES Servers,” on page 189. 


2 Finish the installation by clicking Finish in the Installation Completed page. 


3 After the server reboots, continue with Section 3.10, “Verifying That the Installation Was 
Successful,” on page 107. 


3.10 Verifying That the Installation Was Successful 


One way to verify that your OES server installation was successful and that the components are 
loading properly is to watch the server reboot. As each component is loaded, the boot logger provides 
a status next to it indicating if the component is loading properly. 


You can also quickly verify a successful installation by accessing the server from your web browser. 


1 In the Address field of your web browser, enter the following URL: 

http://IP_or_DNS 

Replace IP_or_DNS with the IP address or DNS name of your OES server. 

You should see a web page similar to the following: 

[Figure: OES Welcome Page] 


IMPORTANT: If you see the statement “It Works!” instead of the OES Welcome Page, that 
means that the web and LAMP Server option was selected and installed as a SLES component 
on the server. The default OES behavior can be restored either by deleting the /srv/www/ 
htdocs/index.html file from the server or renaming the index.html file to a different name. 


You can also view the OES Welcome Page by using http://IP_or_DNS/welcome to access the 
server. 


If the OES server is used as a web server, running novell-web-config replaces the web server's 
index.html with the OES welcome page (index.html), which changes the web server's default 
page to the OES welcome page. To avoid this, use the index.html.save file that 
novell-web-config backs up. 


2 (Optional) If you want to look at the eDirectory tree and begin to see how iManager works, go to 
the OES Information and Management web page, click Management Tools > iManager, then log 
in as user Admin (the user you created during product installation). 


You can also access iManager by typing the following URL in a browser window and logging in 
as user Admin: 


http://IP_or_DNS_name/nps/iManager.html 


3 Continue with “What's Next” on page 108. 


3.11 What's Next 



After you complete the initial installation, complete any additional tasks you might need to perform. 
See “Completing OES Installation or Upgrade Tasks” on page 161. 

4 Installing or Configuring OES 2015 SP1 on an Existing Server 


After installing or upgrading to Open Enterprise Server (OES 2015 SP1), you can also install 
additional products or services and configure them to work in the new environment. If you have 
installed or upgraded a server to SUSE Linux Enterprise Server (SLES) 11 SP4, you can also add 
OES 2015 SP1 services to the server. 

+ Section 4.1, “Before You Install OES Services on an Existing Server,” on page 109 

+ Section 4.2, “Adding/Configuring OES Services on an Existing Server,” on page 110 

+ Section 4.3, “Adding/Configuring OES Services on a Server That Another Administrator 
Installed,” on page 114 

+ Section 4.4, “What's Next,” on page 114 


IMPORTANT: If you have updated a server with a Support Pack, ensure that the installation source is 
pointing to the latest Support Pack media. 


4.1 Before You Install OES Services on an Existing Server 


In addition to the information in “Planning Your OES 2015 SP1 Implementation” in the OES 2015 
SP1: Planning and Implementation Guide, the following apply when you install OES on an existing 
server: 

+ Section 4.1.1, “Always Use YaST to Install and Initially Configure OES Services,” on page 109 

+ Section 4.1.2, “Don’t Install OES While Running the Xen Kernel,” on page 110 

+ Section 4.1.3, “If You Want OES to Use a Local eDirectory Database on the Server,” on 
page 110 


4.1.1 Always Use YaST to Install and Initially Configure OES Services 

Linux administrators sometimes wrongly assume that OES services can be installed or uninstalled by 
simply installing or removing the associated RPMs. OES services require additional configuration that 
is only supported as an add-on product installation in YaST. 


IMPORTANT: You must always install OES as an add-on product using the YaST install. For more 
information, see Section 2.10, “Always Install OES as an Add-On Product,” on page 41. 

4.1.2 Don’t Install OES While Running the Xen Kernel 


If you are adding supported OES 2015 SP1 components to a server that is running the Xen kernel, 
you must reset the boot loader to boot the standard kernel before adding the OES 2015 SP1 
components. 


1 In YaST, select System > Boot Loader > SUSE Linux Enterprise Server 11 SP4 > Set As Default 
> Finish. 


2 Reboot the server. 

After adding the supported OES 2015 SP1 components, reset the boot loader option to Xen. 


1 In YaST, select System > Boot Loader > XEN > Set As Default > Finish. 


2 Reboot the server. 


Be sure to add only those OES 2015 SP1 components that are supported on a VM host server. For 
more information, see Step 7 on page 199. 


4.1.3 If You Want OES to Use a Local eDirectory Database on the 
Server 


If you want the OES components to use a local eDirectory database, you should install eDirectory by 
itself first, and then rerun the installation for the other OES components. 


4.2 Adding/Configuring OES Services on an Existing 
Server 


IMPORTANT: If you are not using the administrator account that originally installed the OES server 
you are adding services to, see Section 2.4, “Installing and Configuring OES as a Subcontainer 
Administrator,” on page 17 and then follow the instructions in Section 4.3, “Adding/Configuring OES 
Services on a Server That Another Administrator Installed,” on page 114. 


To add/configure OES 2015 SP1 services on an existing OES 2015 SP1 server or SLES 11 SP4 
server: 
1 Open YaST. 


2 If an OES 2015 SP1 installation source has not been added to the server, continue with this step. 
Otherwise, skip to Step 3. 


2a Click Software > Add-on Products. 
2b Click Add. 
2c In the Add-On Product Media dialog box, click DVD > Next. 


If you are using an alternate installation source, click the appropriate option that matches 
your installation source selection. 


2d In the Insert the Add-On Product DVD dialog box, select the appropriate drive where you 
want to insert the DVD labeled Novell Open Enterprise Server 2015 SP1 DVD 1. 


2e Click Eject. 
2f Insert the DVD labeled Novell Open Enterprise Server 2015 SP1, then click Continue. 


2g Read and accept the Novell Open Enterprise Server 2015 SP1 license agreement, then 
click Next. 


2h Confirm that the Add-On Product Installation page shows the correct path to the OES 
media, then click Next. 


2i Skip to Step 4. 


3 If an OES installation source has already been added to the server, click Open Enterprise Server 
> OES Install and Configuration. 


4 On the Software Selection page, select the OES components that you want to install or 
configure. 


Services that you have already installed are indicated by a white tick mark on a black 
background in the status check box next to the service. 


NOTE: If you select the Novell FTP pattern, a package conflict warning message is displayed. 
For more information, see Section 17.3, “Package Conflict Occurs During the Add-On Install of 
Novell FTP Pattern,” on page 238. 


IMPORTANT: You cannot uninstall an OES service by deselecting it. For more information about 
removing service functionality from the server, see Chapter 14, “Disabling OES 2015 Services,” 
on page 225. 


5 If you are only configuring or reconfiguring services that are already installed, click Accept, then 
skip to Step 9. 

Not all OES components require eDirectory to be installed on the local server. Components that 
have a dependency on eDirectory being installed locally will prompt you to install eDirectory if it 
is not already installed. 


IMPORTANT: If you need to reconfigure eDirectory, we recommend that you use tools provided 
by eDirectory, such as iMonitor or iManager, rather than using YaST to change the configuration. 
The configuration provided in YaST is only for the initial eDirectory installation and configuration. 


If you need to reconfigure eDirectory and OES services due to database corruption, go to 
Chapter 15, “Reconfiguring eDirectory and OES Services,” on page 227 and follow the 
instructions there. 

6 After selecting the services to install, click Accept. 

7 If package changes are required for your selections, select Continue. 

8 Insert any media required to install the new packages. 

9 Change the default configuration information as required. 


[Figure: Micro Focus Open Enterprise Server Configuration page, showing the configuration status of each service] 


In most cases, the default configuration is acceptable. You need to change the configuration at 
the following times: 


+ When the installation displays the following message to indicate that more information 
(often the administrator password) is required: 


service_name service requires additional configuration information before 
continuing or disable the configuration. 

+ When you want to change the default configuration settings, such as enabling services for 
LUM. 


+ When you want to reconfigure a service that has already been configured. 


9a To change the configuration of a newly installed service or a service that has already been 
configured, change its configuration status to Enabled, then click the service heading link to 
access the configuration dialog box for that service. 


Newly installed services that have not been configured have the status of Configure is 
enabled. 


Services that have already been configured have a status of Reconfigure is disabled. 


9b To enable the configuration status of any disabled service configuration, click the Disabled 
link to change the status to Enabled. 


9c To delay the configuration of newly installed services to a later time, click the Enabled link to 
change the status to Configure is disabled. 


For configuration guidelines, see Section 3.8.12, “Configuration Guidelines for OES 
Services,” on page 78 or click a link below: 


+ AFP 
+ Backup/Storage Management Services (SMS) 
+ CIFS 
+ Clustering (NCS) 
+ DHCP 
+ DNS 
+ Domain Services for Windows (DSfW) 
+ eDirectory 
+ FTP 
+ iFolder 
+ iManager 
+ iPrint 
+ Linux User Management (LUM) 
+ NCP Server/Dynamic Storage Technology 
+ NetStorage 
+ Pre-Migration Server 
+ Novell Remote Manager (NRM) 
+ Novell Samba 
+ Novell Storage Services 
+ Novell Storage Services AD Support 


10 When all of the services have complete configuration information and the configuration or 
reconfiguration status is set to Enabled for the services that you want to configure, click Next to 
continue with the configuration process. 


11 After the service configuration process has run and is finalized, click Finish. 
12 If you are installing on an existing OES server, you can quit the installation at this point. 


If you are installing OES services for the first time on this server, see Section 3.8.5, “Specifying 
Novell Customer Center Configuration Settings,” on page 59 for help with registering OES and 
updating the software. 

4.3 Adding/Configuring OES Services on a Server That Another Administrator Installed 


To add or configure OES services on an OES server that another administrator installed, you must 
have the rights described in “Rights Required for Subcontainer Administrators” on page 18. 


1 On the OES server, launch YaST. Then click Open Enterprise Server > OES Install and 
Configuration. 

2 On the Software Selection page, select the additional OES services you want to install, then click 
Accept. 

The required packages are installed. 

3 When the Novell Open Enterprise Server Configuration summary screen appears, click the 
disabled link under LDAP Configuration for Open Enterprise Services. 

The link changes to enabled. 

4 Click LDAP Configuration for Open Enterprise Services. 

5 Change the Admin Name and Context. 

IMPORTANT: Ensure all field delimiters are consistent. For example, if you are adding to the 
context already displayed, either use comma-delimited syntax or change all other delimiters to 
periods. 

6 Type the subcontainer admin password in the Admin Password field, then click Next. 

7 Go to Step 9 on page 112 in Section 4.2, “Adding/Configuring OES Services on an Existing 
Server,” on page 110 and continue from there. 


4.4 What's Next 


After you complete the configuration process, complete any additional tasks you might need to 
perform. See “Completing OES Installation or Upgrade Tasks” on page 161. 

5 Upgrading to OES 2015 SP1

Open Enterprise Server (OES) 2015 SP1 provides the option of updating an existing system to the 
new version without completely reinstalling it. No new installation is needed. Existing data such as 
home directories and system configuration is kept intact. During the life cycle of the product, you can 
apply Service Packs to increase system security and correct software defects. 

• Section 5.1, “Supported Upgrade Paths,” on page 115 
• Section 5.2, “Planning for the Upgrade to OES 2015 SP1,” on page 116 
• Section 5.3, “Meeting the Upgrade Requirements,” on page 117 
• Section 5.4, “Upgrading to OES 2015 SP1,” on page 123 
• Section 5.5, “Using AutoYaST for an OES 2015 SP1 Upgrade,” on page 141 
• Section 5.6, “Channel Upgrade from OES 2015 to OES 2015 SP1,” on page 145 
• Section 5.7, “Channel Upgrade from OES 11 SP2 to OES 2015 SP1,” on page 150 
• Section 5.8, “Channel Upgrade from OES 11 SP3 to OES 2015 SP1 Using Zypper,” on page 154 
• Section 5.9, “Using SUSE Manager to Upgrade from OES 2015 to OES 2015 SP1,” on page 156 
• Section 5.10, “Verifying That the Upgrade Was Successful,” on page 157 
• Section 5.11, “Moving to Common Proxy Users After an Upgrade,” on page 158 
• Section 5.12, “What's Next,” on page 159 

5.1 Supported Upgrade Paths 


Table 5-1 outlines the supported paths for upgrading to OES 2015 SP1. 


Table 5-1 Supported OES 2015 SP1 Upgrade Paths 


Source                 Destination              Upgrade Methods Supported

OES 2 SP3 (64-bit)     OES 2015 SP1 (64-bit)    AutoYaST, Physical media
OES 11 SP2 (64-bit)    OES 2015 SP1 (64-bit)    AutoYaST, Physical media, Channel upgrade
OES 11 SP3 (64-bit)    OES 2015 SP1 (64-bit)    AutoYaST, Physical media, Channel upgrade
OES 2015 (64-bit)      OES 2015 SP1 (64-bit)    AutoYaST, Physical media, Channel upgrade

IMPORTANT: 

• Source servers must have all patches applied from the appropriate SUSE Linux Enterprise 
Server (SLES) and OES patch update repositories prior to an upgrade. 

• Post January 2019, if OES is upgraded to OES 2015 SP1, the message to import the keys might 
be displayed during the registration of the server to the customer center. For more information, 
see Appendix C, “Importing New Build Keys to the Keyring,” on page 271. 

Other OES releases can be upgraded by installing the interim support packs in order. For example, to 
upgrade from OES 2 SP2 to OES 2015 SP1, upgrade to OES 2 SP3 first and then upgrade from OES 
2 SP3 to OES 2015 SP1. 

Cross-architecture upgrades (32-bit to 64-bit and 64-bit to 32-bit) are not supported. 

5.2 Planning for the Upgrade to OES 2015 SP1 

• Section 5.2.1, “Be Sure to Check the Readme,” on page 116 
• Section 5.2.2, “Always Upgrade SLES and OES at the Same Time,” on page 116 
• Section 5.2.3, “Understanding the Implications for Other Products Currently Installed on the 
Server,” on page 116 

5.2.1 Be Sure to Check the Readme 

The “Before You Install” section documents issues that Novell plans to address in a future release. 

5.2.2 Always Upgrade SLES and OES at the Same Time 

You must upgrade SLES and OES at the same time. 

5.2.3 Understanding the Implications for Other Products Currently Installed on the Server 

• “OES 2 Server Upgrades: Non-OES 2 Packages Are Retained but Might Not Work After 
Upgrading” on page 116 

OES 2 Server Upgrades: Non-OES 2 Packages Are Retained but Might Not Work After Upgrading 


During the upgrade process from earlier OES 2 releases to OES 2015 SP1, packages that are not 
part of the SLES 11 SP4 and OES 2015 SP1 distributions are automatically retained unless you 
select them for deletion. 


This includes third-party products you have installed, as well as other Novell products such as 
GroupWise, ZENworks, and Identity Manager. 


There is no guarantee that these products will continue to work after you upgrade. Therefore, it is 
critical that you check the product documentation for compatibility information before you upgrade 
servers with any Novell product installed. 

For Information About This Novell Product    See This Documentation

GroupWise                                    GroupWise online documentation (http://www.novell.com/documentation/groupwise.html)
ZENworks                                     ZENworks online documentation (https://www.novell.com/documentation/zenworks11/)
Identity Manager                             Identity Management online documentation (https://www.netiq.com/documentation/)
Other products                               All Novell online documentation (http://www.novell.com/documentation/)

If you have installed a third-party product, ensure that it is supported on SLES 11 SP4 and follow the 
upgrade instructions that should be included with it. 

5.3 Meeting the Upgrade Requirements 

Meet the following requirements before you upgrade and install any OES 2015 SP1 components: 

• Section 5.3.1, “Securing Current Data,” on page 117 
• Section 5.3.2, “Ensuring That There Is Adequate Storage Space on the Root Partition,” on 
page 118 
• Section 5.3.3, “Preparing the Server You Are Upgrading,” on page 118 
• Section 5.3.4, “Checking the Server’s IP Address,” on page 119 
• Section 5.3.5, “Checking the Server’s DNS Name,” on page 119 
• Section 5.3.6, “Ensuring That the Server Has a Server Certificate,” on page 119 
• Section 5.3.7, “Changing the Mount Options Before an Upgrade,” on page 120 
• Section 5.3.8, “Preparing an Installation Source,” on page 122 
• Section 5.3.9, “Synchronizing the OES Configuration Information before Starting an Upgrade,” 
on page 123 

5.3.1 Securing Current Data 


Before upgrading, secure the current data on the server. For example, make a backup copy of the 
data so that you can restore the data volumes later if needed. 


Save your configuration files. Copy all configuration files to a separate medium, such as a removable 
hard disk or USB stick, to secure the data. This primarily applies to files stored in /etc as well as 
some of the directories and files in /var and /opt. You might also want to write the user data in 
/home (the Home directories) to a backup medium. Back up this data as root. Only root has read 
permission for all local files. 

5.3.2 Ensuring That There Is Adequate Storage Space on the Root Partition 

Before starting your upgrade, make note of the root partition and space available. 

If you suspect you are running short of disk space, secure your data before updating and repartition 
your system. There is no general rule regarding how much space each partition should have. Space 
requirements depend on your particular partitioning profile and the software selected. 

WARNING: If you require more root partition space and if it resides in an EVMS container, you might 
not be able to repartition or expand the size of the root partition without deleting data elsewhere on 
the device. 

The df -h command lists the device name of the root partition. In the following example, the root 
partition to write down is /dev/sda2 (mounted as /) with 5.8 GB available. 

5.3.3 Preparing the Server You Are Upgrading 


Complete the steps in Table 5-2 for your target server. 


Table 5-2 Preparing the Server You Are Upgrading 


If the Server Is Running    Do This Before Upgrading the Server

SLES 10 SP4                 1. Ensure that the products and services you have running on the server can run
                               on the new SLES 11 SP4 kernel.
                            2. Download and update the latest Sentinel agent from
                               (http://support.novell.com/products/sentinel/secure/sentinelplugins.html).
                               Failing to update the agent could result in SLES 11 booting issues.
                            3. Ensure that the mount options for all the partitions in SLES 10 are set to
                               Device ID or Device Path. For more information, see Section 5.3.7, “Changing
                               the Mount Options Before an Upgrade,” on page 120.
                            4. Ensure that the server meets the hardware requirements for SLES 11 SP4. See
                               “System Requirements for Operating Linux” in the Deployment Guide
                               (http://www.suse.com/documentation/sles11/book_sle_deployment/data/sec_x86_sysreqs.html).
                               Itanium is not a supported platform for OES 2015 SP1.
                            5. See the SLES 11 SP4 entry.

SLES 11 SP4                 1. See Chapter 4, “Installing or Configuring OES 2015 SP1 on an Existing Server,”
                               on page 109.

OES 2 SP3                   1. Run YaST > Software > Online Update to patch the OES 2 SP3 server to the
                               latest patch level.
                            2. Ensure that the server and services are still running as desired.
                            3. Upgrade to OES 2015 SP1 using the instructions in this section, then apply all
                               patches and verify services.

OES 11 SP2                  1. Run YaST > Software > Online Update to patch the OES 11 SP2 server to the
                               latest patch level.
                            2. Ensure that the server and services are still running as desired.
                            3. Upgrade to OES 2015 SP1 using the instructions in this section, then apply all
                               patches and verify services.

OES 11 SP3                  1. Run YaST > Software > Online Update to patch the OES 11 SP3 server to the
                               latest patch level.
                            2. Ensure that the server and services are still running as desired.
                            3. Upgrade to OES 2015 SP1 using the instructions in this section, then apply all
                               patches and verify services.

OES 2015                    1. Run YaST > Software > Online Update to patch the OES 2015 server to the
                               latest patch level.
                            2. Ensure that the server and services are still running as desired.
                            3. Upgrade to OES 2015 SP1 using the instructions in this section, then apply all
                               patches and verify services.


5.3.4 Checking the Server’s IP Address 


Ensure the server has a static IP address. 


5.3.5 Checking the Server’s DNS Name 


Ensure that DNS returns the correct static IP address when you ping the server's full DNS name. For 
example, 


ping myserver.example.com 


5.3.6 Ensuring That the Server Has a Server Certificate 


IMPORTANT: Most OES servers have either an eDirectory certificate or a third-party certificate 
installed. 


These instructions only apply when that is not the case. 


Ensure that the server has a server certificate that has been generated and exported as a Common 
Server certificate. 


To check for or add a certificate: 


1 Launch YaST. 


2 Click Security and Users > CA Management. 

3 If no certificate authorities (CAs) are listed, create one by clicking Create Root CA. 

If a CA is listed, you can use it by selecting the CA and clicking Enter CA. 

4 If you are using a listed CA, you must provide the CA password (generally the root password). 

5 Click Certificates > Add. 

6 Fill out the forms required for a server certificate. After the last form is complete, a server 
certificate is created and listed in the certificate list. 

7 Select the certificate you just created. 

8 Click the Export button, then select Export as Common Server Certificate. 

5.3.7 Changing the Mount Options Before an Upgrade 


Before starting the upgrade from OES2 to OES 2015 SP1, ensure that the mount options for all the 
partitions are set to Device ID or Device Path. The default mount option in SLES 10 is Kernel Device 
Name, which is not persistent and is therefore unreliable for use during an upgrade process. The 
instructions in this section are applicable for upgrades from OES 11 SP2, OES 11 SP3, or OES 2015 to 
OES 2015 SP1 on XEN virtual machines. 


IMPORTANT: Mount options should not be changed when you are upgrading an OES 2 SP3 
instance installed on XEN whose root partition is on EVMS. Before starting the upgrade, apply the 
latest patches for OES 2 SP3 and SLES 10, then proceed with the upgrade to OES 2015 SP1. 


NOTE: After performing this procedure, do not attempt to boot the OES2 server. Instead, start the 
upgrade to OES 2015 SP1. 


If the mount options are incorrect, use the following procedure to select the applicable one: 


1 Log on to the OES2 server with root privileges. 
2 In the terminal, type yast2 disk. 
3 In the Warning dialog box, click Yes. 


4 In the Expert Partitioner window, select a partition, such as root(/), then click Edit > Fstab 
Options. 

[Screenshot: YaST Expert Partitioner, Edit Existing Partition /dev/sda2 dialog] 


5 Under Fstab options:, click Device ID or Device path > OK > Finish. 

[Screenshot: Fstab Options dialog showing the "Mount in /etc/fstab by" choices] 


IMPORTANT: If you plan to clone your hard disks in the future, do not select Device ID as a 
mount option. The cloning process will fail. For more information, see “New default in 
SLES/SLED 10 SP1: mount "by Device ID"”. 


6 Repeat Step 4 and Step 5 on page 121 for all the Linux partitions (not for NSS partitions). 
7 After you have changed the mount options, click Next. 
8 In the Expert Partitioner: Summary dialog box, click Finish. 

The mount options are successfully changed. 
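
To see which entries still need this change before opening the Expert Partitioner, the check can be scripted. The following is an added example, not part of the Novell guide: it classifies the first field of each fstab entry and lists the entries that still use a kernel device name, plus the Device ID entries that matter if the disks will be cloned. The function names and the sample fstab are constructed for illustration, and the nssvol line assumes that NSS volumes appear in fstab under that file system type.

```shell
#!/bin/sh
# Added example (not from the guide): report fstab entries that are still
# mounted by kernel device name, which section 5.3.7 calls non-persistent.

# Print how the first field of an fstab entry identifies its device.
classify_fstab_source() {
    case "$1" in
        /dev/disk/by-id/*)            echo "device-id" ;;
        /dev/disk/by-path/*)          echo "device-path" ;;
        /dev/disk/by-uuid/*|UUID=*)   echo "uuid" ;;
        /dev/disk/by-label/*|LABEL=*) echo "label" ;;
        /dev/sd[a-z]*|/dev/hd[a-z]*|/dev/xvd[a-z]*) echo "kernel-name" ;;
        /dev/*)                       echo "other-device" ;;
        *)                            echo "not-a-device" ;;
    esac
}

# Print "<source> <mount point>" for every entry of the given kind.
# Usage: list_mounts_by_kind FSTAB KIND
list_mounts_by_kind() {
    while read -r src mnt _rest || [ -n "$src" ]; do
        # Skip blank lines and comments.
        case "$src" in ''|'#'*) continue ;; esac
        if [ "$(classify_fstab_source "$src")" = "$2" ]; then
            echo "$src $mnt"
        fi
    done < "$1"
}

# Succeeds only when no entry is mounted by kernel device name.
fstab_ready_for_upgrade() {
    [ -z "$(list_mounts_by_kind "$1" kernel-name)" ]
}

# Write a constructed sample fstab (SLES 10 style defaults) to the given path.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real server
/dev/sda2   /       ext3   acl,user_xattr   1 1
/dev/sda1   swap    swap   defaults         0 0
/dev/disk/by-id/scsi-EXAMPLE0001-part3   /home   ext3   acl,user_xattr   1 2
proc        /proc   proc   defaults         0 0
VOL1        /media/nss/VOL1   nssvol   noauto,rw,name=VOL1   0 0
EOF
}

# Demonstration on the constructed sample; on a real server, pass /etc/fstab
# to the functions instead.
sample=$(mktemp)
write_sample_fstab "$sample"
echo "Mounted by kernel device name (change these before the upgrade):"
list_mounts_by_kind "$sample" kernel-name
echo "Mounted by Device ID (review if the disks will be cloned):"
list_mounts_by_kind "$sample" device-id
if fstab_ready_for_upgrade "$sample"; then
    echo "Result: ready"
else
    echo "Result: not ready"
fi
rm -f "$sample"
```

The script only reads the file; the change itself is still made through yast2 disk as described in the procedure above.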


5.3.8 Preparing an Installation Source 


Review and complete the instructions for “Setting Up a Network Installation Source” on page 37. We 
recommend using the network installation option, especially if you are upgrading multiple servers. 


5.3.9 Synchronizing the OES Configuration Information before Starting an Upgrade 

The modifications that you make to an OES server using YaST are stored in the configuration files at 
/etc/sysconfig/novell. This crucial configuration information is used to upgrade an OES server. 

You can also modify an OES server outside of YaST, and those changes are stored as part of the 
respective service configuration files. In this scenario, if you upgrade the OES server, your latest 
changes will not be part of the upgrade or the upgrade might fail. This happens because your latest 
changes are not captured as part of the configuration information at /etc/sysconfig/novell. 

To synchronize the latest changes that you have made outside of YaST with the configuration files at 
/etc/sysconfig/novell, use the upgrade check script 
(/opt/novell/oes-install/util/oes_upgrade_check.pl), which is available beginning with OES 2015, 
or download the script from the OES 2015 SP1 documentation site. This script assumes that the 
respective OES service configuration file holds the latest information and updates the configuration 
information at /etc/sysconfig/novell to match it. 

For example, if you have modified LUM outside of YaST, LUM configuration information is stored in 
the LUM configuration file at /etc/nam.conf. When you run the oes_upgrade_check.pl script, the 
upgrade script compares the LUM configuration information at /etc/sysconfig/novell against 
/etc/nam.conf. If there is a mismatch, the LUM configuration information from /etc/nam.conf is 
synchronized with /etc/sysconfig/novell. 

Syntax: ./oes_upgrade_check.pl <all | OES service name> 

OES service names include afp, lum, edir, cifs, iprint, dhcp, ifolder, ncs, 
netstorage, nss, and dsfw. 

Examples: 

• To synchronize all the individual OES service configuration information with 
/etc/sysconfig/novell, execute the ./oes_upgrade_check.pl all command. 

• To synchronize any particular OES service configuration information, for example LUM, with 
/etc/sysconfig/novell, execute the ./oes_upgrade_check.pl lum command. 

5.4 Upgrading to OES 2015 SP1 


Use the following instructions to complete the upgrade applicable to the installation source you are 
using: 

• Section 5.4.1, “For Servers with EVMS and LVM on the System Device,” on page 124 
• Section 5.4.2, “Using Physical Media to Upgrade,” on page 124 
• Section 5.4.3, “Selecting the Installation Mode Options,” on page 124 
• Section 5.4.4, “Specifying the Partition to Update,” on page 125 
• Section 5.4.5, “Specifying the Add-On Product Installation Information,” on page 126 
• Section 5.4.6, “Verifying and Customizing the Update Options in Installation Settings,” on 
page 127 
• Section 5.4.7, “Accepting the Installation Settings,” on page 130 
• Section 5.4.8, “Specifying Configuration Information,” on page 131 
• Section 5.4.9, “Finishing the Upgrade,” on page 140 

5.4.1 For Servers with EVMS and LVM on the System Device 


If you are attempting to upgrade an OES 2 SP3 server that has boot and swap partitions controlled by 
EVMS to OES 2015 SP1, you must manually perform the following steps before the system reboots 
in order to restore the boot and swap disks to the default /dev/system/sys_lx directory. 

Do the following before the system reboots: 

1 Update the /etc/fstab file by removing /evms/lvm2 from the swap and root partitions, then 
modify the /dev/evms/ path for /boot to /dev. 

2 Remove the /evms/lvm2 path from the /boot/grub/menu.lst file. Optionally, verify that the 
/etc/sysconfig/bootloader file has the correct entry for the boot device. 
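
The two edits above can be previewed as a diff before anything is written. The following is an added example, not part of the Novell guide: the function names and the sample fstab and menu.lst contents are constructed, and the device layout under /dev/evms/lvm2/system is an assumption about a typical EVMS-managed system volume.

```shell
#!/bin/sh
# Added example (not from the guide): preview the edits that section 5.4.1
# describes, without modifying the real files.

# Print the fstab with /evms/lvm2 removed from the root and swap devices and
# the /boot device moved from /dev/evms/ to /dev/. Comments stay untouched.
fix_evms_fstab() {
    awk '
        /^[ \t]*#/ { print; next }
        $2 == "/" || $3 == "swap" { sub("/evms/lvm2", "", $1) }
        $2 == "/boot"             { sub("^/dev/evms/", "/dev/", $1) }
        { print }
    ' "$1"
}

# Print menu.lst with every /evms/lvm2 path component removed.
fix_evms_menu_lst() {
    sed 's#/evms/lvm2##g' "$1"
}

# Count the lines on standard input that still reference an EVMS path.
count_evms_refs() {
    grep -c '/evms/' || true
}

# Show a unified diff between FILE and the output of FIXER applied to it.
# Returns 0 when nothing would change and 1 when changes are proposed.
# Usage: preview_fix FILE FIXER
preview_fix() {
    fixed=$(mktemp)
    "$2" "$1" > "$fixed"
    status=0
    diff -u "$1" "$fixed" || status=$?
    rm -f "$fixed"
    return "$status"
}

# Constructed sample files; the device names are assumptions for illustration.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample fstab with EVMS-managed system volumes
/dev/evms/lvm2/system/sys_lx   /      ext3  acl,user_xattr  1 1
/dev/evms/lvm2/system/swap     swap   swap  defaults        0 0
/dev/evms/sda1                 /boot  ext3  acl,user_xattr  1 2
EOF
}

write_sample_menu_lst() {
    cat > "$1" <<'EOF'
# constructed sample of a GRUB legacy entry
title Constructed OES 2 SP3 entry
    root (hd0,0)
    kernel /vmlinuz root=/dev/evms/lvm2/system/sys_lx resume=/dev/evms/lvm2/system/swap
    initrd /initrd
EOF
}

# Demonstration on the constructed samples.
demo_fstab=$(mktemp)
demo_menu=$(mktemp)
write_sample_fstab "$demo_fstab"
write_sample_menu_lst "$demo_menu"
preview_fix "$demo_fstab" fix_evms_fstab || true
preview_fix "$demo_menu" fix_evms_menu_lst || true
echo "EVMS references left in proposed fstab: $(fix_evms_fstab "$demo_fstab" | count_evms_refs)"
rm -f "$demo_fstab" "$demo_menu"
```

On a real server, run the preview against copies of /etc/fstab and /boot/grub/menu.lst and keep the originals as backups before applying the edits by hand.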


5.4.2 Using Physical Media to Upgrade 


1 Ensure that the server meets the upgrade requirements. See “Meeting the Upgrade 
Requirements” on page 117. 


2 Insert the OES 2015 SP1 Integrated DVD into the DVD drive of the server that you are 
upgrading to OES 2015 SP1, then reboot the machine. 


3 From the DVD boot menu, specify the following based on your current OES server version. 
• For upgrades from OES 2, OES 11 SP2, OES 11 SP3, or OES 2015 to OES 2015 SP1: 
Select the Installation option that best fits your environment, then press Enter. 
4 Select the language that you want to use, agree to the license terms, then click Next. 
5 On the License Agreement page, click Yes, I Agree to the License Agreement > Next. 
6 Follow the prompts, using the information contained in the following sections: 
6a “Selecting the Installation Mode Options” on page 124. 
6b “Specifying the Partition to Update” on page 125. 
6c “Specifying the Add-On Product Installation Information” on page 126. 
6d “Verifying and Customizing the Update Options in Installation Settings” on page 127. 
6e “Accepting the Installation Settings” on page 130. 
6f “Specifying Configuration Information” on page 131. 
6g “Finishing the Upgrade” on page 140. 


7 Verify that the upgrade was successful. See the procedures in “Verifying That the Installation 
Was Successful” on page 107. 


8 Complete the server setup by following the procedures in “Completing OES Installation or 
Upgrade Tasks” on page 161. 


5.4.3 Selecting the Installation Mode Options 


1 When the Installation Mode page displays, select the following menu options: 
1. Update an Existing System 
2. Include Add-On Products from Separate Media 

IMPORTANT: To upgrade previously installed OES services and install any additional OES 
services, you must select the Include Add-On Products from Separate Media option. If you 
don’t, only SLES is updated (if necessary). None of the OES services are upgraded. This 
selection is not required if you are using the integrated ISO. 

[Screenshot: Installation Mode page] 


2 Click Next. 


3 Continue with “Specifying the Partition to Update” on page 125 or “Specifying the Add-On 
Product Installation Information” on page 126, depending on which matches your installation. 


5.4.4 Specifying the Partition to Update 


YaST tries to determine the correct root (/) partition. If there are several possibilities, or if YaST can’t 
definitely determine the correct root partition, the Select for Update page displays. 
1 If there is only one partition listed, click Next. 
2 If there are several partitions, select the partition with /lvm in the path. 
3 Click Next. 
YaST reads the old fstab on this partition to analyze and mount the file systems listed there. 

[Screenshot: Select for Update page] 


Next, YaST tries to mount the boot (/boot) partition. 
4 Continue with “Specifying the Add-On Product Installation Information” on page 126. 


5.4.5 Specifying the Add-On Product Installation Information 


1 When the Add-On Product Installation page displays, click Add. 


2 In the Add-On Product Media page, if you are installing from physical media, click DVD > Next. 
Otherwise, skip to Step 3. 


2a In the Insert the Add-On Product DVD dialog box, select the drive where you want to insert 
the DVD labeled Novell Open Enterprise Server 2015 SP1 DVD if there is more than one 
drive. 


2b Click Eject. 


2c Insert the DVD labeled Novell Open Enterprise Server 2015 SP1 DVD, click Continue, then 
skip to Step 4. 


3 If you are using an alternate installation source (such as a network location), click the 
appropriate option (such as the network protocol that matches your installation source), then 
click Next and specify the information for the source you have specified. 


4 Read and accept the Novell Open Enterprise Server 2015 SP1 license agreement, then click 
Next. 


5 Confirm that the Add-On Product Installation page shows the correct path to the OES media, 
then click Next. 


5.4.6 Verifying and Customizing the Update Options in Installation Settings 

IMPORTANT: To verify that previously installed services are selected for installation and to install any 
additional OES services during the upgrade, you must customize the Update Options on the 
Installation Settings page. 


To verify or customize the software packages that are installed on the server: 


1 


2 On the Installation Settings page, click Update Options. 


If Novell Open Enterprise Server is not listed, click the Add-On Products link and follow the steps 
in “Specifying the Add-On Product Installation Information” on page 126. 


3 In the Update Options page, click Update with Installation of New Software and Features Based 
on the Selection > Select Patterns. 

[Screenshot: Update Options page] 


4 All of the OES Services patterns that were previously installed are selected by default. 

Ensure that the patterns for the services you are upgrading are selected, then select the patterns 
for any new OES Services patterns that you might want to also install. 

A description displays to the right of a pattern when the pattern is selected. For a description of 
OES Services patterns and the components selected with each pattern, see Table 2-5 on 
page 29. 

Some OES services, such as Novell CIFS and Novell Samba, are not supported together on the 
same server. For more information, see “Unsupported Service Combinations” in the OES 2015 
SP1: Planning and Implementation Guide. 

IMPORTANT: If you deselect a pattern after selecting it, you are instructing the installation 
program to not install that pattern and all of its dependent patterns. Rather than deselecting a 
pattern, click Cancel to cancel your software selections, then click the Select Patterns heading 
again to choose your selections again. 


Selecting only the patterns that you want to install ensures that the patterns and their dependent 
patterns and packages are installed. 


If you click Accept and then return to software pattern selection page, the selections that you 
made become your base selections and must be deselected if you want to remove them from the 
installation proposal. 


Attempting to uninstall a service by deselecting its pattern is not recommended. For more 
information, see Chapter 14, “Disabling OES 2015 Services,” on page 225. 


Selecting a pattern automatically selects the other patterns that it depends on to complete the 
installation. 


[Screenshot: Software Selection and System Tasks page] 


5 If you want to see the details of your selections, click Details.... 

[Screenshot: detailed package selection view] 


NOTE: The RPMs listed here are not selected automatically during an upgrade to OES 2015 
SP1. They must be manually selected under the following upgrade scenarios: 

• When upgrading to OES 2015 SP1 from OES 2 SP3, ensure that you select the 
novell-ndsgrepair RPM under the eDirectory pattern. This RPM was added to OES beginning 
with OES 11 SP1. 

• When upgrading to OES 2015 SP1, ensure that the following RPMs are present: eDirectory 
(novell-edirectory-log4cxx, novell-edirectory-xdaslog, novell-edirectory-xdaslog-conf, 
and novell-edirectory-xdasinstrument), and iManager (novell-plugin-instrumentation). 
These RPMs were added to OES beginning with OES 11 SP2. 
The novell-plugin-instrumentation RPM is required only on servers that have 
iManager installed. If you attempt to install this RPM with zypper in 
novell-plugin-instrumentation on a server that does not have iManager installed, zypper will 
install iManager automatically due to the dependencies. This will result in iManager getting 
installed on all servers. 


6 When you have the software components selected that you want to install, click Accept. 


7 When the notification about deleting unmaintained packages appears, click OK. 


8 (Conditional) If the prompt for the AGFA Fonts license displays, read the agreement, then click 
Accept. 


9 (Conditional) If the prompt for Automatic Changes displays, click Continue. 
10 (Conditional) If you are prompted to resolve any dependency conflicts, resolve them. 
11 If the Update Options page displays again, click OK.
12 On the Installation Settings page, ensure that the following are listed under Update Options:
+ Update to SUSE Linux Enterprise Server 11 SP4 
+ Update to Novell Open Enterprise Server 2015 SP1 


NOTE: This page should not display Update to SUSE_ Service Pack 4 Migration Product under 
Update Options. 


If they are true, proceed with Section 5.4.7, “Accepting the Installation Settings,” on page 130. 




13 If you see package conflict errors (red text under the Packages link), refer to the OES 2015 SP1: 
Readme for resolution instructions. 


14 Continue with “Accepting the Installation Settings” on page 130. 


5.4.7 Accepting the Installation Settings 


1 Review the final Installation Settings page to ensure that you have all the Installation settings you 
desire. Ensure that the page shows all the OES Services that you want to update and install. 


2 After you have changed all the installation settings as desired, click Accept. 
3 In the Confirm Update dialog box, click Start Update.

Confirm Update


Information required to perform an update is now complete. 


If you continue now, data on your hard disk will be overwritten according to the 
settings in the previous dialogs. 


Go back and check the settings if you are unsure. 


Start Update 


The base installation settings are applied and the packages are installed. 


4 While the server is updating the files, do one of the following: 


+ For installations using a network installation source, remove the boot DVD
(SUSE Linux Enterprise Server 11 SP3 DVD1) from the DVD drive.

+ For installations using a DVD installation source, leave the DVD in the DVD drive. When the
installation process prompts you for each DVD at the appropriate time, insert the DVD. The
progress status at the bottom of the screen indicates which DVD will be prompted for next.


5 After the server reboots, continue with “Specifying Configuration Information” on page 55. 


5.4.8 Specifying Configuration Information 


When the server reboots, you are required to complete the following configuration information: 


+ “Testing the Connection to the Internet” on page 132
+ “Specifying Novell Customer Center Configuration Settings” on page 132
+ “Updating the Server Software During the Upgrade” on page 135
+ “Upgrading eDirectory” on page 137
+ “Specifying LDAP Configuration Settings” on page 138
+ “Configuring Novell Open Enterprise Server Services” on page 138


Testing the Connection to the Internet


On the Test Internet Connection page: 


1 Select Yes, Test Connection to the Internet, then click Next. 


2 Obtaining the latest SUSE release notes might fail at this point. If it does, view the log to verify 
that the network configuration is correct, then click Next. 


3 If the network configuration is not correct, click Back > Back and fix your network configuration. 
See “Network Interface” on page 56. The most common problem is that an invalid DNS server is 
specified. 


or 


Skip this test by clicking No, Skip This Test, then continue with Step 4. 


IMPORTANT: Most OES services configurations require a connection to the Internet. 


Skipping this test also skips downloading release notes, configuring the Novell Customer Center, 
and updating online. 


4 If you skipped the customer center test, continue with “Upgrading eDirectory” on page 137. 
Otherwise, continue with “Specifying Novell Customer Center Configuration Settings” on 
page 132. 


Specifying Novell Customer Center Configuration Settings 


To receive support and updates for your OES 2015 SP1 server, you need to register it in the Novell 
Customer Center. When the Novell Customer Center Configuration page is displayed, you have three 
options: 

+ “Updating a Registered Server (Recommended)” on page 132
+ “Registering the Server Later / Skipping a Registered Server Update” on page 132
+ “Registering the Server During the Upgrade” on page 132


Updating a Registered Server (Recommended) 


1 If you have already registered your OES 2015 SP1 server and you want to download the 
available patches, leave Configure Now (Recommended) selected, then click Next. 


YaST contacts the server (which might take a few minutes) and then downloads the available 
patches. 


2 Go to Step 8 on page 135. 

Registering the Server Later / Skipping a Registered Server Update 
1 Click Configure Later. 
2 Continue with “Upgrading eDirectory” on page 137. 

Registering the Server During the Upgrade 


1 On the Novell Customer Center Configuration page, select all of the following
options, then click Next.

Option                      What it Does

Configure Now               Proceeds with registering this server and the SLES 11 SP4 and
                            OES product in the Novell Customer Center.

Hardware Profile            Sends information to the Novell Customer Center about the
                            hardware that you are installing SLES 11 SP4 and OES 2015 SP1 on.

Optional Information        Sends optional information to the Novell Customer Center for
                            your registration. For this release, this option doesn’t send
                            any additional information.

Registration Code           Makes the registration with activation codes mandatory.

Regularly Synchronize       Keeps the installation sources for this server valid. It does
with the Customer Center    not remove any installation sources that were manually added.




2 After you click Next, the following message is displayed. Wait until this message disappears and 
the Manual Interaction Required page displays. 


Contacting server... 


This may take a while 


3 On the Manual Interaction Required page, note the information that you will be required to
specify, then click Continue.

4 On the Novell Customer Center Registration page, specify the required information in the
following fields:

+ Email Address: The email address for your Novell Login account.

+ Confirm Email Address: The same email address for your Novell Login account.

+ Activation Code for SLES Components (optional): Specify your purchased or 60-day
evaluation registration code for the SLES 11 SP3 product.

If you don’t specify a code, the server cannot receive any updates or patches.

+ Activation Code for OES Components (optional): Specify your purchased or 60-day
evaluation registration code for the OES 2015 SP1 product.

If you don’t specify a code, the server cannot receive any updates or patches.

+ System Name or Description (optional): The hostname for the system is specified by
default.

If you want to change this to a description for the Novell Customer Center, specify a
description to identify this server.


5 Click Submit. 
6 When the message to complete the registration displays, click Continue. 


Novell Customer Center System Registration

To complete the process of registering this system and getting access to online updates, you need to finish the
registration process. To proceed, click the Continue button.

To change the registration or subscription information for this system, you can log in to the Novell Customer Center at
any time using the same credentials that you use to log in to your Novell Login account. You can access the Novell
Customer Center at http://www.novell.com/center.

If you do not yet have a Novell Login account, please create one and make sure that you use the same e-mail address
that you used when registering this system.

To create the Novell Login account, access the Novell web site at http://www.novell.com/createaccount.

For your convenience, you will be sent a follow up e-mail with this information.


7 After you click Continue, the following message is displayed with the Manual Interaction
Required page. Wait until this message disappears and the Novell Customer Center
Configuration page displays with the message: Your configuration was successful.

Contacting server... 


This may take a while 


8 When you see the message Your configuration was successful on the Novell Customer
Center Configuration page, click Ok.


9 Continue with “Updating the Server Software” on page 61. 


Updating the Server Software During the Upgrade 


If you have a successful connection to the Internet and have registered the server in the Novell 
Customer Center, the server displays the Online Update page. You can run the online update now or 
skip it and get updates later. 


To skip getting updates during the upgrade: 
1 On the Online Update page, click Skip Update then click Next. 
2 Continue with “Upgrading eDirectory” on page 137. 

To get updates during the upgrade: 


1 On the Online Update page, click Run Update. 




2 On the page that shows that updates are available, select the updates that you want to install, 
then click Accept. 


The check marks that are shown in the summary column of the patches list are the patches that
have already been installed on your system.


3 When you see the message Installation finished on the Patch Download and Installation
page, click Next.



4 If the update makes changes to YaST, the following message displays. If so, click OK to restart
YaST.

Packages for package management were updated.
Finishing and restarting now


5 If the installation was interrupted, the following message might display. If so, click Yes to
continue with the installation, then enter the root password.


Starting Installation... 


The previous installation has failed. 
Would you like it to continue? 


Note: You may have to enter some information again. 


The online update displays again with additional updates. If a patch has changes to the kernel, 
you might want to deselect it and install it later after the installation is complete. 


6 If you do install patches that have changes to the kernel, click OK. 
7 After all the patches are installed, continue with “Upgrading eDirectory” on page 137. 


Upgrading eDirectory 


OES 2015 SP1 includes eDirectory 8.8.8. 


1 When the following dialog box appears, click Upgrade. 


OES 2015 eDirectory database (DIB) and config file found 


eDirectory has been previously installed and configured on this system. 
Select upgrade to upgrade eDirectory to the curent version. 


NOTE 


+ If you are upgrading from OES 2 SP3, this dialog will show that the OES 2.0 eDirectory
database (DIB) and config file were found.

+ If you are upgrading from OES 11 SP2, this dialog will show that the OES 11 eDirectory
database (DIB) and config file were found.


2 On the eDirectory Upgrade - Existing Server Information page, type the Admin password. 
3 Click Next. 

4 On the NetIQ Modular Authentication Service page, click Next. 

5 Continue with “Specifying LDAP Configuration Settings” on page 138.


Specifying LDAP Configuration Settings


Many of the OES services require eDirectory. If eDirectory was not selected as a product to upgrade 
or install but other OES services that do require LDAP services were installed, the LDAP 
Configuration service displays so that you can complete the required information. 


1 In the eDirectory Tree Name field, specify the name for the existing eDirectory tree that you are
installing this server into.

2 In the Admin Name and Context field, specify the name and context for user Admin on the
existing tree.

3 In the Admin Password Name field, specify a password for user Admin on the existing tree.


4 Add the LDAP servers that you want the services on this server to use. The servers that you add 
should hold the master or a read/write replica of eDirectory. Do the following for each server you 
want to add: 


4a Click Add. 

4b In the next dialog box, specify the following information for the server to add, then click Add: 
+ Server IP Address
+ LDAP port
+ Secure LDAP port


4c Click Add. 


4d (Optional) Repeat Step 4a through Step 4c to add additional servers. 
5 When all the LDAP servers that you want to specify are listed, click Next. 


6 Continue with “Configuring Novell Open Enterprise Server Services” on page 138. 


Configuring Novell Open Enterprise Server Services 


After you complete the LDAP configuration or eDirectory configuration, the Novell Open Enterprise 
Server Configuration summary page is displayed, showing all the OES components you updated and 
installed and their configuration settings. 


1 Review the setting for each component and click the component heading to change any settings.



When you specify the configuration information for OES services, see the information in 
“Configuration Guidelines for OES Services” on page 78, or click a link below: 


+ AFP
+ Backup/Storage Management Services (SMS)
+ CIFS
+ Clustering (NCS)
+ DHCP
+ DNS
+ Domain Services for Windows (DSfW)
+ eDirectory
+ FTP
+ iFolder
+ iManager
+ iPrint
+ Linux User Management (LUM)
+ NCP Server/Dynamic Storage Technology
+ NetStorage
+ Pre-Migration Server
+ Novell Remote Manager (NRM)
+ Novell Samba
+ Novell Storage Services
+ NSS Active Directory Support

2 When you are satisfied with the settings for each component, click Next. 
3 When you confirm the OES component configurations, you might receive the following error: 
The proposal contains an error that must be resolved before continuing. 


If this error is displayed, check the summary list of configured products for any messages 
immediately below each product heading. These messages indicate products or services that 
need to be configured. If you are running the YaST graphical interface, the messages are red 
text. If you are using the YaST text-based interface, they are not red. 


For example, if you selected Linux User Management in connection with other OES products or 
services, you might see a message similar to the following: 


Linux User Management needs to be configured before you can continue or disable 
the configuration. 


If you see a message like this, do the following: 
3a On the summary page, click the heading for the component. 
3b Supply the missing information in each configuration page. 


When you specify the configuration information for OES services during the upgrade, see 
the information in “Configuration Guidelines for OES Services” on page 78. 


When you have finished the configuration of that component, you are returned to the Novell 
Open Enterprise Server Configuration summary page. 


3c If you want to skip the configuration of a specific component and configure it later, click 
Enabled in the Configuration is enabled status to change the status to Configuration is 
disabled. 


If you change the status to Configuration is disabled, you must configure the OES 
components after the installation is complete. See “Installing or Configuring OES 2015 SP1 
on an Existing Server” on page 109. 


4 After resolving all product configuration problems, click Next to proceed with the configuration of 
all services and installation of iManager plug-ins. 


5 When the Readme page displays, click Next and continue with Section 5.4.9, “Finishing the 
Upgrade,” on page 140. 


5.4.9 Finishing the Upgrade 



After a successful configuration, YaST shows the Installation Completed page. 


1 Deselect Clone This System for AutoYaST. Cloning is selected by default. 
This increases the speed of finishing the installation update. 


AutoYaST is a system for automatically installing one or more SUSE Linux Enterprise systems 
without user intervention. Although you can create a profile from a system that has been 
upgraded, it does not work to upgrade a similar system. 


2 Finish the upgrade by clicking Finish on the Installation Completed page.


5.5 Using AutoYaST for an OES 2015 SP1 Upgrade


If you are a system administrator who needs to upgrade different versions of multiple OES servers, it 
can be time-consuming and inconvenient to repeat the process of swapping installation discs and 
providing necessary upgrade information. You can now use AutoYaST to upgrade an existing OES 
server to OES 2015 SP1 with no user intervention. Ensure that you use the integrated OES 2015 SP1 
ISO (OES2015SP1-addon_with_SLES11-SP4-x86_64-DVD.iso) for the upgrade.


IMPORTANT: Information provided in this section is critical. Failing to meet the prerequisites and 
follow the procedures as outlined might result in loss of data or the OES server becoming 
unrecoverable. Before performing these procedures in a live environment, we strongly recommend 
that you try them in a test environment to become familiar with the unattended upgrade process. 


+ Section 5.5.1, “Prerequisites,” on page 141
+ Section 5.5.2, “Creating an Answer File to Provide the eDirectory and DSfW Passwords,” on
page 141
+ Section 5.5.3, “Upgrading an OES 2 (64-bit), OES 11 SP2, OES 11 SP3, or OES 2015 Server to
OES 2015 SP1,” on page 142
+ Section 5.5.4, “Upgrading an OES 2 (64-bit), OES 11 SP2, OES 11 SP3 and OES 2015 XEN
Guest Server to OES 2015 SP1,” on page 143
+ Section 5.5.5, “Troubleshooting an AutoYaST Upgrade,” on page 144


5.5.1 Prerequisites 


+ Identify the 64-bit OES 2 SP3, OES 11 SP2, OES 11 SP3 or OES 2015 server that you want to
upgrade, and ensure that the latest patches are applied before starting the upgrade. Ensure that
you meet all the OES 2015 SP1 upgrade requirements specified in Section 5.3, “Meeting the
Upgrade Requirements,” on page 117.

+ Ensure that you have the eDirectory replica server IP address and eDirectory credentials.

+ Ensure that the replica server is reachable over the network.

+ Ensure that the correct eDirectory replica server's IP address is present in the eDirectory install
configuration file (for OES 2 SP2, the file name is edir2_sp2; for OES 2 SP3, it is edir2_sp3;
for OES 11 SP2, it is edir_oes11_sp2; for OES 11 SP3, it is edir_oes11_sp3; for OES 2015, it
is edir_oes2015 and for OES 2015 SP1, it is edir_oes2015_sp1) at /etc/sysconfig/novell/
as shown below:

CONFIG_EDIR_REPLICA_SERVER="<specify the eDirectory Replica IP>"

+ Create an answer file that provides the eDirectory password. For more information, see
Section 5.5.2, “Creating an Answer File to Provide the eDirectory and DSfW Passwords,” on
page 141.


5.5.2 Creating an Answer File to Provide the eDirectory and DSfW 
Passwords 


During an AutoYaST upgrade, the system requires user input only to provide the eDirectory and 
DSfW passwords. This intervention can be eliminated with the help of an answer file. 



WARNING: During the answer file creation, no validation is performed on the passwords you enter. If 
the wrong password is entered, the upgrade will fail and the server that you are upgrading will 
become unrecoverable. 


To create an answer file, use any one of the following methods: 


Directly Generating the Answer Key File 


1. Log in to your OES 2 (64-bit), OES 11 SP2, OES 11 SP3, or OES 2015 machine as a root user
and execute the following command:

yast2 /usr/share/YaST2/clients/create-answer-file.ycp <eDirectory password> [<DsfW Administrator Password for a DsfW server upgrade>]

NOTE: This method is not recommended because the passwords are stored in the y2log file in
clear text.


Exporting the Passwords to Variables 


1. In the terminal window, type the following commands:

+ export OES_EDIR_DATA=<specify eDirectory Administrator Password>

+ export OES_DSFW_DATA=<specify the DSfW Administrator Password for a DSfW server upgrade>

+ yast2 /usr/share/YaST2/clients/create-answer-file.ycp


Using the GUI on OES 11 SP1 and Above 


1 Using the GUI on OES 11 SP1 and above 
1a In the terminal window, type the following command: 
yast2 /usr/share/YaST2/clients/create-answer-file.ycp
1b In the YaST2 dialog, provide the eDirectory and DSfW passwords, then click OK. 


NOTE: DSfW password should be specified only if you are upgrading a DSfW server. 


Once you have successfully generated the answer key file using any of the above stated methods, 
copy it from the current working directory to /opt/novell/oes-install/. For example, cp answer 
/opt/novell/oes-install/. 


TIP: To invoke help for creating the answer key file, in the terminal window, type
yast2 create-answer-file.ycp --help.
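
The following shell functions are an added example, not code from the OES guide. They check CONFIG_EDIR_REPLICA_SERVER before the upgrade and run the variable-based method with the passwords read from a prompt, so they are never typed on a command line where shell history could retain them. The function names, the IPv4-only check, the 0600 file mode, and the removal of the working-directory copy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the OES guide). Function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with octets in 0-255.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the replica IP from an eDirectory install configuration file such as
# /etc/sysconfig/novell/edir_oes2015. Fails when the key is missing, empty,
# still the documentation placeholder, or not an IPv4 address.
replica_ip_from_config() (
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; exit 2; }
    ip=$(sed -n 's/^[[:space:]]*CONFIG_EDIR_REPLICA_SERVER=//p' "$cfg" |
         tail -n 1 | tr -d "\"'\r ")
    if is_ipv4 "$ip"; then
        printf '%s\n' "$ip"
    else
        echo "$cfg: CONFIG_EDIR_REPLICA_SERVER is not an IPv4 address" >&2
        exit 1
    fi
)

# Read a secret on stdin and succeed if it appears verbatim in file $1.
# The secret goes to grep as a pattern file on stdin, never as an argument.
secret_in_file() (
    IFS= read -r secret || [ -n "$secret" ]
    [ -n "$secret" ] || exit 2
    printf '%s\n' "$secret" | grep -qF -f - "$1"
)

# Prompt without echo; the value is returned in REPLY_SECRET.
read_secret() {
    printf '%s' "$1" >&2
    trap 'stty echo' INT TERM
    stty -echo
    IFS= read -r REPLY_SECRET
    stty echo
    trap - INT TERM
    printf '\n' >&2
}

# Generate the answer file with the exported-variable method, then move it to
# the install directory named in the guide with owner-only permissions.
create_answer_file() {
    dest=${1:-/opt/novell/oes-install}
    read_secret 'eDirectory administrator password: '
    OES_EDIR_DATA=$REPLY_SECRET
    read_secret 'DSfW administrator password (empty unless a DSfW server): '
    OES_DSFW_DATA=$REPLY_SECRET
    export OES_EDIR_DATA
    if [ -n "$OES_DSFW_DATA" ]; then export OES_DSFW_DATA; fi
    yast2 /usr/share/YaST2/clients/create-answer-file.ycp
    rc=$?
    # /var/log/YaST2/y2log is the default YaST log; the password must not be in it.
    if printf '%s\n' "$OES_EDIR_DATA" | secret_in_file /var/log/YaST2/y2log; then
        echo 'WARNING: password found in y2log; change it and clean the log' >&2
    fi
    unset OES_EDIR_DATA OES_DSFW_DATA REPLY_SECRET
    [ "$rc" -eq 0 ] && [ -f answer ] || return 1
    install -m 0600 answer "$dest/answer" && rm -f answer
}

# Typical use, as root on the server to be upgraded:
#   replica_ip_from_config /etc/sysconfig/novell/edir_oes2015 && create_answer_file
```

Because the answer-file tool does not validate passwords, confirm the credentials against the replica server by another means before starting the unattended upgrade.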


5.5.3 Upgrading an OES 2 (64-bit), OES 11 SP2, OES 11 SP3, or
OES 2015 Server to OES 2015 SP1


Ensure that you have met all the requirements listed in Section 5.5.1, “Prerequisites,” on page 141. 


1 Use the integrated ISO (OES2015SP1-addon_with_SLES11-SP4-x86_64-DVD.iso) to boot the
OES 2, OES 11 SP2, OES 11 SP3, or OES 2015 machine that you want to upgrade.


2 In the installation screen, select Install, and specify the following information in the Boot
Options:

+ For upgrade from OES 2, OES 11 SP2, OES 11 SP3, and OES 2015 to OES 2015 SP1:
autoupgrade=1 autoyast=relurl://oes/autoupgrade.xml

3 Press Enter.


The upgrade proceeds without any user intervention. 


5.5.4 Upgrading an OES 2 (64-bit), OES 11 SP2, OES 11 SP3 and 
OES 2015 XEN Guest Server to OES 2015 SP1 


Ensure that you have met all the requirements listed in Section 5.5.1, “Prerequisites,” on page 141. 


1 Shut down the guest machine. 


2 Open the guest machine's XML file at /etc/xen/vm, delete the boot loader entry, then save the 
file. 


3 Use the following command to delete the guest machine: 
xm delete <guest machine> 
4 Use the following command to start the virtual manager GUI:

os=sles11; vm-install --vm-settings /etc/xen/vm/<guest>.xml --os-type $os --os-settings http://<the web server IP>/download/autoupgrade.xml

5 In the Operating System Installation screen, select the appropriate SLES 11 options as shown in
the following image.

By default, the autoupgrade.xml path is populated for the AutoYaST file.

NOTE: If you choose to upgrade using an ISO, in the Virtual Disk, select the path where the 
integrated ISO exists. If you choose to upgrade using a URL, specify the HTTP path where the 
integrated installation source exists in Network URL. 


6 In the Additional Arguments text box, specify the parameter information for the host IP, gateway
IP, and netmask.

For example:

autoupgrade=1 netsetup=hostip hostip=192.168.1.1 netmask=255.255.254.0 gateway=192.168.1.254


7 Click Apply. 


The upgrade proceeds without any user intervention. 


5.5.5 Troubleshooting an AutoYaST Upgrade 


+ “Providing the Correct eDirectory and DSfW Administrator Password” on page 145 
+ “Unattended Upgrade Scenarios That Require User Input” on page 145

Providing the Correct eDirectory and DSfW Administrator Password 


There is no validation for the passwords that you enter while creating the answer file. If you do not 
specify the correct passwords, the upgrade will not be successful and the server that you are 
upgrading will become unrecoverable. 


For a Domain Services for Windows (DSfW) server upgrade, specify the DSfW Administrator
password after the eDirectory password. For more information, see Section 5.5.2, “Creating an
Answer File to Provide the eDirectory and DSfW Passwords,” on page 141.


Unattended Upgrade Scenarios That Require User Input 


If you have not created the answer file, you will be prompted for the eDirectory and DSfW 
administrator passwords. 


If the eDirectory replica server's IP address is not present in the eDirectory install configuration file
(for OES 2 SP2, the file name is edir2_sp2; for OES 2 SP3, it is edir2_sp3; for OES 11 SP2, it is
edir_oes11_sp2; for OES 11 SP3, it is edir_oes11_sp3; for OES 2015, it is edir_oes2015 and for
OES 2015 SP1, it is edir_oes2015_sp1) at /etc/sysconfig/novell/, you will be prompted for the
same. For more information, see Section 5.5.1, “Prerequisites,” on page 141.


5.6 Channel Upgrade from OES 2015 to OES 2015 SP1


+ Section 5.6.1, “Channel Upgrade from OES 2015 to OES 2015 SP1 Via Wagon,” on page 145
+ Section 5.6.2, “Channel Upgrade from OES 2015 to OES 2015 SP1 Using Zypper,” on page 148
+ Section 5.6.3, “Upgrading OES 2015 to OES 2015 SP1 Using SMT,” on page 149
+ Section 5.6.4, “Rolling Back the Server in the Middle of a Wagon-based Channel Upgrade,” on
page 150


5.6.1 Channel Upgrade from OES 2015 to OES 2015 SP1 Via
Wagon


1 Register the OES 2015 server with NCC using the following command: 


suse_register -a email=<Email-Address> -a regcode-sles=<SLESactivation-key> -a regcode-oes=<OES-activation-key> -L /root/.suse_register.log


2 Run the zypper lr command to ensure that OES2015-Pool, OES2015-Updates, SLES-11-SP3-Pool
and SLES11-SP3-Updates catalogs are subscribed and enabled.

3 Apply all the available patches either using zypper or yast2 online_update. In the list of
available patches, ensure that the Enable update to Novell Open Enterprise Server 2015
Service Pack 1 is selected. If this patch is not installed, you cannot proceed with the upgrade.


NOTE: If the patching requires a server reboot, do so when notified by the system. 


4 Start the wagon upgrade module using the yast2 wagon command. 
5 On the welcome screen, click Next. 


6 In the Registration Check screen, click Run Registration if the “System not Registered” warning is
displayed.

7 Run Registration redirects to the NCC screen. Click Next. Wagon does a sync and pops
up a message stating that the software repositories need not be changed. This happens because there
are no updates at this stage.


8 In the Registration Check screen, ensure that the registration summary displays “SUSE Linux 
Enterprise Server 11 SP3 has a valid registration, Novell Open Enterprise Server 2015 has a 
valid registration”. If the valid registration message is displayed, click Next, and it resets the 
package manager. 


9 In the Update Method screen, select Customer Center > Next. 


[Screenshot: YaST2 Update Method screen. Options under “Select from Where to Get the Update URL”: Customer Center, Check Automatic Repository Changes, Custom URL.]


10 The NCC screen is displayed again. Click Next, and it does a sync and pops up a message 
stating that the configuration is successful. Click Details and ensure that the following 
repositories are enabled as shown in the following figure. 


Updated software repositories

Enabled catalog: nu_novell_com:OES2015-SP1-Pool (nu_novell_com)
Enabled catalog: nu_novell_com:OES2015-SP1-Updates (nu_novell_com)
Enabled catalog: nu_novell_com:SLES11-SP4-Pool (nu_novell_com)
Enabled catalog: nu_novell_com:SLES11-SP4-Updates (nu_novell_com)

NOTE: If the repositories are not enabled, click Back > Next and redo the NCC registration until
it is successful. If you are not able to do a successful NCC registration after multiple attempts,
abort the process and roll back the server. For more information, see Section 5.6.4, “Rolling
Back the Server in the Middle of a Wagon-based Channel Upgrade,” on page 150.


11 In the Distribution Upgrade Settings screen, verify that the following content appears under the
Update Options section.

+ Temporary migration product Open_Enterprise_Server Service Pack 1 Migration Product
(Open_Enterprise_Server-SP1-migration) will be removed
+ Temporary migration product SUSE_SLES Service Pack 4 Migration Product
(SUSE_SLES-SP4-migration) will be removed
+ Product Novell Open Enterprise Server 2015 (Open_Enterprise_Server) will be upgraded
+ Product SUSE Linux Enterprise Server 11 SP3 (SUSE_SLES) will be upgraded


NOTE: In the following screen shot, the number of packages to be updated may vary based 
on the patterns selected. 


[Screenshot: YaST2 Distribution Upgrade Settings screen, listing the Add-On Products, Update Options, Packages, and Backup sections. In this capture, Download all packages before upgrade is Enabled, and the Packages section shows 472 packages to update, 39 new packages to install, 21 packages to remove, and a total update size of 1.9 GB.]


IMPORTANT: After clicking Start Upgrade, you cannot revert the server to its old state. 


12 Click Next > Start upgrade and continue with the upgrade. Once the upgrade is complete, a pop 
up is displayed informing about a server reboot; click OK and continue with the upgrade. 


13 The NCC screen is displayed once again, wherein the registration of the final product is
triggered. Click Next and at the final success message dialog, click Finish.

14 Reboot the server to get the new kernel.

15 After the reboot, log on to the server and run the yast2 channel-upgrade-oes command to
complete the OES services reconfiguration. This will prompt for eDirectory or DSfW password if
the answer file is not created. Provide the password and continue. For more information on
creating the answer file, see Section 5.5.2, “Creating an Answer File to Provide the eDirectory
and DSfW Passwords,” on page 141.


5.6.2 Channel Upgrade from OES 2015 to OES 2015 SP1 Using Zypper

1 Register the OES 2015 server with NCC using the suse_register -a email=<Email-Address> -a regcode-sles=<SLESactivation-key> -a regcode-oes=<OES-activation-key> -L /root/.suse_register.log command.

2 Run the zypper lr command to ensure that OES2015-Pool, OES2015-Updates, SLES-11-SP3-Pool
and SLES11-SP3-Updates catalogs are subscribed and enabled.

3 Run the zypper update -t patch command to install package management updates.

4 Run the zypper update -t patch command once again to install all available updates for
SLES 11 SP3 and OES2015. Ensure that the oes2015-enable-OES2015-SP1-online-migration
patch is installed. If this patch is not installed, you cannot proceed with the upgrade.

NOTE: If the patching requires a server reboot, do so when notified by the system.

5 Run the zypper pd command to ensure that the Open_Enterprise_Server-SP1-migration and
SUSE_SLES-SP4-migration products are listed but not installed. To check the installed products, run
the zypper pd -i command.

6 The installed products contain information about the distribution upgrades and the migration
products that should be installed to perform the migration. To list them, use the
zypper se -t product | grep -h -- "-migration" | cut -d\| -f2 command.

A sample output is as follows:

Open_Enterprise_Server-SP1-migration
SUSE_SLES-SP4-migration

7 Install these migration products using the zypper in -t product Open_Enterprise_Server-SP1-migration SUSE_SLES-SP4-migration command.

8 Run the suse_register -L /root/.suse_register.log command to register the products
and to get the corresponding repositories.

9 Run the zypper ref -s command to refresh services and repositories.

10 Check the repositories using the zypper lr command. It should list OES2015-SP1-Pool,
OES2015-SP1-Updates, SLES11-SP4-Pool and SLES11-SP4-Updates repositories, and they
should be enabled.

11 Perform a distribution upgrade using the zypper dup --from SLES11-SP4-Pool --from SLES11-SP4-Updates --from OES2015-SP1-Pool --from OES2015-SP1-Updates command.

+ The following products are going to be REMOVED:

Open_Enterprise_Server Service Pack 1 Migration Product SUSE_SLES Service
Pack 4 Migration Product

REMARK: You can choose to ignore this message. The actual products that are being
removed are OES 2015 SP1 Migration Product and SLES 11 SP4 Migration Product.

It’s safe to ignore the following messages as well. They have no impact on the channel
upgrade.

+ The following packages are going to be downgraded:

libmysqlclient15 libmysqlclient_r15 nici nici64 novell-clvmd
novell-dnsdhcp-javaconsole novell-ifolder-enterprise-migration
novell-ifolder-enterprise-plugins novell-plugin-single openssh-askpass
openssl-certs yast2-bootloader yast2-http-server yast2-sound yast2-users
yelp yelp-lang

+ The following packages are not supported by their vendor:

crash-eppic libblas3 libcryptsetup1 libiptc0 liblapack3 libxtables9
novell-oes-ftpsmbclient

NOTE: The packages listed here may vary based on your setup.


12 Once the upgrade is successfully completed, register the new products once again using the 
suse_register -L /root/.suse_register.log command. 


13 Reboot the server. 


14 After the reboot, log on to the server and run the yast2 channel-upgrade-oes command to 
complete the OES services reconfiguration. This will prompt for eDirectory or DSfW password if 
the answer file is not created. Provide the password and continue. For more information on 
creating the answer file, see Section 5.5.2, “Creating an Answer File to Provide the eDirectory 
and DSfW Passwords,” on page 141. 


5.6.3 Upgrading OES 2015 to OES 2015 SP1 Using SMT 


1 Install and set up the SMT server. For more information on setting up SMT, see Subscription 
Management Tool (SMT) for SUSE Linux Enterprise 11. 


2 Mirror down the following channels onto the SMT server:
+ OES 2015 SP1: OES2015-SP1-Pool and OES2015-SP1-Updates channels
+ OES 2015: OES2015-Pool and OES2015-Updates channels
+ SLES 11 SP3: SLES11-SP3-Pool and SLES11-SP3-Updates
+ SLES 11 SP4: SLES11-SP4-Pool and SLES11-SP4-Updates channels


For more information on Mirroring and Managing the repositories, see Mirroring Repositories on 
the SMT Server and Managing Repositories with YaST SMT Server Management. 


3 Register the OES 2015 server with the SMT server. For more information on registering, see 
Configuring Clients with the clientSetup4SMT.sh Script in the Subscription Management Tool 
Guide. 


4 After registration, upgrading OES 2015 to OES 2015 SP1 is the same as an NCC
upgrade, as described from Step 2 in Section 5.6, “Channel Upgrade from OES 2015 to OES
2015 SP1,” on page 145.

NOTE: If you use a Wagon and SMT based upgrade, you will not go through Step 6 to Step 8
on page 146 mentioned in Section 5.6.1, “Channel Upgrade from OES 2015 to OES 2015 SP1
Via Wagon,” on page 145. After clicking Next in Step 5, continue from Step 9 on page 146.

5.6.4 Rolling Back the Server in the Middle of a Wagon-based Channel Upgrade


After multiple failed attempts to do an NCC registration, follow this procedure to roll back the server to 
its previous state safely. 


1 Click Abort. 
2 In the Reverting Migration screen, click Next. 


IMPORTANT: Do not click Abort in this screen as it will abort the revert process. 


[Screenshot: YaST2 Reverting Migration screen, with the message “Migration tool has to remove the temporary migration products, install the previously installed ones and contact Novell Customer Center to get update repositories” and the Help, Abort, and Next buttons.]


3 In NCC registration screen, click Next. 
4 Follow the screen prompts and complete the revert process. 


5.7 Channel Upgrade from OES 11 SP2 to OES 2015 
SP1 


The OES 11 SP2 documentation is a single zip file. Click OES 11 SP2 documentation
(https://www.novell.com/documentation/oes11/pdfdoc/oes11.2.zip) to download the zip file.


1 Install and configure OES 11 SP2 on SLES 11 SP3 with the required OES services. For more 
information, see Installing OES 11 SP2 as a New Installation in the OES 11 SP2: Installation 
Guide. 


2 Register the OES 11 SP2 server with the SMT or NCC server.

+ To register with the NCC server, run the following command:

suse_register -a email=<Email-Address> -a regcode-sles=<SLESactivation-key> -a regcode-oes=<OES-activation-key> -L /root/.suse_register.log

+ For information on registering with the SMT server, see Configuring Clients with the
clientSetup4SMT.sh Script in the Subscription Management Tool Guide.

3 Update SLES 11 SP3 and OES 11 SP2 to the latest patches available. For more information, see
Updating (Patching) an OES 11 SP2 Server in the OES 11 SP2: Installation Guide.


4 Run the zypper pd command to ensure that the SUSE_SLES-SP4-migration product is listed. 


5 Run the zypper in -t product SUSE_SLES-SP4-migration command to install the
SLES11-SP4-migration product.


The following message is displayed: 
Loading repository data... 


Reading installed packages... 
Resolving package dependencies... 


The following NEW package is going to be installed: 
SUSE_SLES-SP4-migration 


The following NEW product is going to be installed: 
SUSE_SLES Service Pack 4 Migration Product 


1 new package to install. 

Overall download size: 4.0 KiB. After the operation, additional 3.0 KiB will be 
used. 

Continue? [y/n/? shows all options] (y): 


Enter 'y' to continue.

6 Run the zypper pd -i command to check that the SUSE_SLES-SP4-migration product is installed.

7 Run the suse_register -L /root/.suse_register.log command to register the products
and to get the SLES11-SP4 repositories (SLES11-SP4-Pool and SLES11-SP4-Updates).


8 Check the repositories using the zypper lr command. It should list the following repositories, 
and they should be enabled. 


+ OES11-SP2-Pool
+ OES11-SP2-Updates
+ SLES11-SP3-Pool
+ SLES11-SP3-Updates
+ SLES11-SP4-Pool
+ SLES11-SP4-Updates

9 Run the following commands to add OES2015-SP1-Pool and OES2015-SP1-Updates
repositories manually from the SMT or NCC server.

zypper ar -c "https://<SMT/NCC_Server>/repo/\$RCE/OES2015-SP1-Pool/sle-11-x86_64/" OES2015-SP1-Pool

zypper ar -c "https://<SMT/NCC_Server>/repo/\$RCE/OES2015-SP1-Updates/sle-11-x86_64/" OES2015-SP1-Updates

If you use nu.novell.com, run the following commands with username and password to add
the OES2015-SP1-Pool and OES2015-SP1-Updates repositories.

zypper ar -c "https://<Username>:<Password>@nu.novell.com/repo/\$RCE/OES2015-SP1-Pool/sle-11-x86_64" OES2015-SP1-Pool

zypper ar -c "https://<Username>:<Password>@nu.novell.com/repo/\$RCE/OES2015-SP1-Updates/sle-11-x86_64" OES2015-SP1-Updates


The username and password must be Mirror Credentials available in Novell Customer Center 
(https://www.novell.com/customercenter/app/software?execution=e2s1) as follows: 


[Screenshot: Novell Customer Center, Mirror Credentials tab, showing the Username and Password fields. The page notes that the trailing slash (/) on the Mirror Channel URLs must be included for proper access.]


10 Run the zypper ref command to refresh the repositories. If prompted to trust the new key, select
‘a’ to trust the key.

NOTE: If any error occurs while executing the zypper ref command, resolve the error
before proceeding.

11 Check the repositories using the zypper lr command. It should list the following repositories,
and they should be enabled.

+ OES11-SP2-Pool
+ OES11-SP2-Updates
+ OES2015-SP1-Pool
+ OES2015-SP1-Updates
+ SLES11-SP3-Pool
+ SLES11-SP3-Updates
+ SLES11-SP4-Pool
+ SLES11-SP4-Updates


12 Perform a distribution upgrade using the zypper dup --from SLES11-SP4-Pool --from SLES11-SP4-Updates --from OES2015-SP1-Pool --from OES2015-SP1-Updates command.

+ The following products are going to be upgraded:

Novell Open Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3

+ The following packages are going to be downgraded:

libmysqlclient15 libmysqlclient_r15 novell-oes-samba-krb-printing
novell-oes-samba-libsmbsharemodes0 novell-oes-samba-libwbclient0
novell-oes-samba-winbind novell-oes-samba-winbind-32bit novell-pluginsdk-webservice
openssh-askpass yast2-bootloader yast2-http-server yast2-sound yast2-users
yelp yelp-lang

+ The following packages are not supported by their vendor:

crash-eppic libblas3 libcryptsetup1 libiptc0 liblapack3 libxtables9

NOTE: The packages listed here may vary based on your setup.

Verify the products to be upgraded and enter 'y' to continue.


13 Once the upgrade is successfully completed, run the
zypper rr OES2015-SP1-Pool OES2015-SP1-Updates <SLES11SP3_Media_RepoName> <OES11SP2_Media_RepoName>
command to remove the OES2015-SP1-Pool and OES2015-SP1-Updates repositories that are added
manually and SLES11-SP3 and OES11-SP2 media (CD or Network Source).


14 Run the suse_register -L /root/.suse_register.log command to remove the old 
repositories (OES11-SP2 and SLES11-SP3) and to obtain the OES2015-SP1 and SLES11-SP4 
repositories. 


NOTE: If any error occurs while executing this command, repeat Step 2 on page 150 with SLES 
and OES activation key. 


15 Run the zypper ar -c -f <URL_Of_SLES11SP4_Media_Network_Source/URL_Of_OES2015SP1_Media_Network_Source> <SLES11SP4-Media/OES2015SP1-Media>
command to add the SLES11SP4/OES2015SP1 media.

For example,

+ If CD is used to add repositories, run the following command:

SLES media: zypper ar -c -f /media/SLES-11-SP4-DVD-x86_6412211 SLES11SP4-Media

OES media: zypper ar -c -f /media/OES2015-SP1-addon-x86_6400521 OES2015SP1-Media

+ If Network Source is used to add repositories, run the following command:

SLES media: zypper ar -c -f http://10.0.0.0/install/SLES11SP4-Media SLES11SP4-Media

OES media: zypper ar -c -f http://10.0.0.0/install/OES2015SP1-Media OES2015SP1-Media

Where 10.0.0.0 is the server IP address of the network source.

+ If ISO is used to add repositories, run the following command:

SLES iso: zypper ar -c -f "iso:/?iso=/source/SLES-11-SP4-GM/SLES-11-SP4-DVD-x86_64-GM-DVD1.iso" SLES11SP4-ISO

OES iso: zypper ar -c -f "iso:/?iso=/source/OES2015-SP1-addon-x86_64-Media1l.iso" OES2015SP1-ISO


16 Reboot the server. 


17 After the reboot, log on to the server and run the yast2 channel-upgrade-oes command to 
complete the OES services reconfiguration. This will prompt for eDirectory or DSfW password if 
the answer file is not created. Provide the password and continue. For more information on 
creating the answer file, see Section 5.5.2, “Creating an Answer File to Provide the eDirectory 
and DSfW Passwords,” on page 141.

5.8 Channel Upgrade from OES 11 SP3 to OES 2015 SP1 Using Zypper

1 Install and configure OES 11 SP3 on SLES 11 SP4 with the required OES services. For more
information, see Installing OES 11 SP3 as a New Installation.

2 Register the OES 11 SP3 server with the SMT or NCC server.

+ To register with the NCC server, run the following command:

suse_register -a email=<Email-Address> -a regcode-sles=<SLESactivation-key> -a regcode-oes=<OES-activation-key> -L /root/.suse_register.log

+ For information on registering with the SMT server, see Configuring Clients with the
clientSetup4SMT.sh Script in the Subscription Management Tool Guide.

3 Update SLES 11 SP4 and OES 11 SP3 to the latest patches available. For more information, see
Updating (Patching) an OES 11 SP3 Server.

4 Check the repositories using the zypper lr command. It should list the following repositories,
and they should be enabled.

+ OES11-SP3-Pool
+ OES11-SP3-Updates
+ SLES11-SP4-Pool
+ SLES11-SP4-Updates

5 Run the following commands to add OES2015-SP1-Pool and OES2015-SP1-Updates
repositories manually from the SMT or NCC server.

zypper ar -c "https://<SMT/NCC_Server>/repo/\$RCE/OES2015-SP1-Pool/sle-11-x86_64/" OES2015-SP1-Pool

zypper ar -c "https://<SMT/NCC_Server>/repo/\$RCE/OES2015-SP1-Updates/sle-11-x86_64/" OES2015-SP1-Updates

If you use nu.novell.com, run the following commands with username and password to add
the OES2015-SP1-Pool and OES2015-SP1-Updates repositories.

zypper ar -c "https://<Username>:<Password>@nu.novell.com/repo/\$RCE/OES2015-SP1-Pool/sle-11-x86_64" OES2015-SP1-Pool

zypper ar -c "https://<Username>:<Password>@nu.novell.com/repo/\$RCE/OES2015-SP1-Updates/sle-11-x86_64" OES2015-SP1-Updates


The username and password must be Mirror Credentials available in Novell Customer Center 
(https://www.novell.com/customercenter/app/software?execution=e2s1) as follows:

[Screenshot: Novell Customer Center, Mirror Credentials tab, showing the Username and Password fields. The page notes that the trailing slash (/) on the Mirror Channel URLs must be included for proper access.]


6 Run the zypper ref command to refresh the repositories.

NOTE: If any error occurs while executing the zypper ref command, resolve the error
before proceeding.

7 Check the repositories using the zypper lr command. It should list the following repositories,
and they should be enabled.

+ OES11-SP3-Pool
+ OES11-SP3-Updates
+ OES2015-SP1-Pool
+ OES2015-SP1-Updates
+ SLES11-SP4-Pool
+ SLES11-SP4-Updates


8 Perform a distribution upgrade using the zypper dup --from SLES11-SP4-Pool --from SLES11-SP4-Updates --from OES2015-SP1-Pool --from OES2015-SP1-Updates command.

+ The following product is going to be upgraded:

Novell Open Enterprise Server 11 SP3

+ The following packages are going to be downgraded:


ifolder3-clients novell-NDSbase novell-NDSbase-32bit novell-NDScommon 
novell-NDSimon novell-NDSmasv novell-NDSmasv-32bit novell-NDSrepair novell- 
NDSserv novell-NDSserv-32bit novell-NLDAPbase novell-NLDAPbase-32bit 
novell-NLDAPsdk novell-NLDAPsdk-32bit novell-NOVLembox novell-NOVLice 
novell-NOVLice-32bit novell-NOVLsnmp novell-NOVLsubag novell-dclient 
novell-dclient-32bit novell-edirectory-jclnt novell-edirectory-ldap- 
extensions novell-edirectory-ldap-extensions-32bit novell-edirectory- 
log4cxx novell-edirectory-tsands novell-edirectory-tsands-32bit novell- 
edirectory-xdasinstrument novell-edirectory-xdaslog novell-ganglia- 
monitor-core-gmetad novell-ganglia-monitor-core-gmond novell-ganglia-web 
novell-nmas novell-nmas-libnmasext novell-nmas-libnmasext-32bit novell- 
nmas-libspmclnt novell-nmas-libspmclnt-32bit novell-nmasclient novell- 
nmasclient-32bit novell-npkiapi novell-npkiapi-32bit novell-npkiserver 
novell-npkiserver-32bit novell-npkit novell-npkit-32bit novell-ntls novell- 
ntls-32bit novell-plugin-nmas novell-plugin-pki novell-sss 


NOTE: The packages listed here may vary based on your setup.

Verify the products to be upgraded and enter 'y' to continue.


9 Once the upgrade is successfully completed, run the zypper rr OES2015-SP1-Pool OES2015-SP1-Updates
command to remove the OES2015-SP1-Pool and OES2015-SP1-Updates
repositories that are added manually.


10 Run the suse_register -L /root/.suse_register.log command to remove the old 
repositories (OES11-SP3) and to obtain the OES2015-SP1 repositories. 


NOTE: If any error occurs while executing this command, repeat Step 2 on page 154 with SLES 
and OES activation key. 


11 Run the zypper ar -c -f <URL_Of_SLES11SP4_Media_Network_Source/URL_Of_OES2015SP1_Media_Network_Source> <SLES11SP4-Media/OES2015SP1-Media>
command to add the SLES11SP4/OES2015SP1 media.

For example,

+ If CD is used to add repositories, run the following command:

SLES media: zypper ar -c -f /media/SLES-11-SP4-DVD-x86_6412211 SLES11SP4-Media

OES media: zypper ar -c -f /media/OES2015-SP1-addon-x86_6400521 OES2015SP1-Media

+ If Network Source is used to add repositories, run the following command:

SLES media: zypper ar -c -f http://10.0.0.0/install/SLES11SP4-Media SLES11SP4-Media

OES media: zypper ar -c -f http://10.0.0.0/install/OES2015SP1-Media OES2015SP1-Media

Where 10.0.0.0 is the server IP address of the network source.

+ If ISO is used to add repositories, run the following command:

SLES iso: zypper ar -c -f "iso:/?iso=/source/SLES-11-SP4-GM/SLES-11-SP4-DVD-x86_64-GM-DVD1.iso" SLES11SP4-ISO

OES iso: zypper ar -c -f "iso:/?iso=/source/OES2015-SP1-addon-x86_64-Media1l.iso" OES2015SP1-ISO


12 Reboot the server. 


13 After the reboot, log on to the server and run the yast2 channel-upgrade-oes command to 
complete the OES services reconfiguration. This will prompt for eDirectory or DSfW password if 
the answer file is not created. Provide the password and continue. For more information on 
creating the answer file, see Section 5.5.2, “Creating an Answer File to Provide the eDirectory 
and DSfW Passwords,” on page 141. 
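
The repository checks in the zypper-based procedures of Sections 5.6.2, 5.7 and 5.8, as an added example that is not part of the original guide: repo_problems reads zypper lr output and reports any required repository that is missing or disabled before zypper dup runs, and credential_repos lists repository definitions whose baseurl still embeds a user name and password after the zypper rr cleanup step. The function names, the zypper lr column layout and all sample data are assumptions constructed for illustration, as is the assumption that zypper ar stores the URL it is given as the baseurl line of a .repo file under /etc/zypp/repos.d.

```shell
#!/bin/sh
# Added example, not from the OES guide. All sample data below is constructed.

# Constructed `zypper lr` output (assumed columns: # | Alias | Name | Enabled | Refresh).
SAMPLE_LR='# | Alias                            | Name                | Enabled | Refresh
--+----------------------------------+---------------------+---------+--------
1 | nu_novell_com:OES11-SP3-Pool     | OES11-SP3-Pool      | Yes     | No
2 | nu_novell_com:OES11-SP3-Updates  | OES11-SP3-Updates   | Yes     | Yes
3 | OES2015-SP1-Pool                 | OES2015-SP1-Pool    | Yes     | No
4 | OES2015-SP1-Updates              | OES2015-SP1-Updates | No      | No
5 | nu_novell_com:SLES11-SP4-Pool    | SLES11-SP4-Pool     | Yes     | No
6 | nu_novell_com:SLES11-SP4-Updates | SLES11-SP4-Updates  | Yes     | Yes'

# Constructed .repo definitions; the user name and secret are placeholders.
SAMPLE_REPOS='[OES2015-SP1-Pool]
name=OES2015-SP1-Pool
enabled=1
baseurl=https://mirroruser:EXAMPLE-SECRET@nu.novell.com/repo/$RCE/OES2015-SP1-Pool/sle-11-x86_64
type=rpm-md

[SLES11SP4-Media]
name=SLES11SP4-Media
enabled=1
baseurl=http://10.0.0.0/install/SLES11SP4-Media
type=rpm-md'

# repo_problems NAME...   (zypper lr output on stdin)
# Prints "<name>: missing" or "<name>: disabled" for each required repository
# that is not listed with Enabled = Yes. Repository names must not contain spaces.
repo_problems() {
    awk -F'|' -v want="$*" '
        BEGIN { n = split(want, req, " ") }
        # Data rows start with a numeric index; header and separator rows do not.
        NF >= 4 && $1 ~ /^ *[0-9]+ *$/ {
            name = $3; en = $4
            gsub(/^ +| +$/, "", name); gsub(/^ +| +$/, "", en)
            state[name] = en
        }
        END {
            for (i = 1; i <= n; i++) {
                if (!(req[i] in state))
                    print req[i] ": missing"
                else if (state[req[i]] != "Yes")
                    print req[i] ": disabled"
            }
        }'
}

# repos_ready NAME...   (zypper lr output on stdin)
# Succeeds only when every required repository is present and enabled, so it
# can gate the distribution upgrade:  zypper lr | repos_ready ... && zypper dup ...
repos_ready() {
    problems=$(repo_problems "$@")
    [ -z "$problems" ] || { printf '%s\n' "$problems" >&2; return 1; }
}

# credential_repos   (.repo file contents on stdin)
# Prints the alias of every repository whose baseurl carries user:password@
# userinfo. Only the alias is printed, never the secret.
# On a server (as root):  cat /etc/zypp/repos.d/*.repo | credential_repos
credential_repos() {
    awk '
        /^\[.*\]$/ { alias = substr($0, 2, length($0) - 2) }
        /^baseurl *=/ && $0 ~ "://[^/@]*:[^/@]*@" { print alias }'
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_LR" | repo_problems OES11-SP3-Pool OES11-SP3-Updates \
    OES2015-SP1-Pool OES2015-SP1-Updates SLES11-SP4-Pool SLES11-SP4-Updates
printf '%s\n' "$SAMPLE_REPOS" | credential_repos
```

An empty result from credential_repos after the zypper rr step indicates that the manually added repository definitions no longer hold the mirror credentials.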


5.9 Using SUSE Manager to Upgrade from OES 2015 
to OES 2015 SP1 


1 Ensure that you have completed the instructions in Section 8.9.1, “Setting Up SUSE Manager,”
on page 186 and patched the OES 2015 server with the latest patches.


2 Perform the service pack migration: 


2a Log in to the SUSE Manager Web console with administrative credentials. 


2b Click System, then select the OES server to be migrated.

2c Click Software > SP Migration and verify the information of the installed product (SLES 11
SP3 and OES 2015) and target product (SLES 11 SP4 and OES 2015 SP1).

2d Click Schedule Migration > Confirm.

3 After the support pack migration action is complete, reboot the OES server.

4 Log in to the OES 2015 server and run the yast2 repositories command.

5 From the repositories, remove the OES 2015/SLES 11 SP3 installation sources (if present), then
add the OES 2015 SP1/SLES 11 SP4 installation sources.

6 Run the yast2 channel-upgrade-oes command to complete the OES services reconfiguration.
This will prompt for eDirectory or DSfW password if the answer file is not created. Provide the
password and continue. For more information on creating the answer file, see Section 5.5.2,
“Creating an Answer File to Provide the eDirectory and DSfW Passwords,” on page 141.


5.10 Verifying That the Upgrade Was Successful


One way to verify that your OES server upgrade was successful and that the components are loading 
properly is to watch as the server boots. As each component is loaded, the boot logger provides a 
status next to it indicating if the component is loading properly. 


You can also quickly verify a successful installation by accessing the server from your Web browser. 


1 In the Address field of your Web browser, enter the following URL:

http://IP_or_DNS

Replace IP_or_DNS with the IP address or DNS name of your OES server.

You should see a Web page similar to the following:

[Screenshot: OES welcome page for the current server (10.1.1.1 in this capture), with Home, Management Services, Client Software, and Help links.]

If you want to look at the eDirectory tree and begin to see how iManager works, click the
Management Services home page, click Management Tools > iManager, and then log in as user
Admin (the user you created during product installation).

You can also access iManager by typing the following URL in a browser window and logging in
as user Admin:

http://IP_or_DNS_name/nps/iManager.html


Verify the version of SLES and OES using the following command. It should be SLES 11 SP4 
and OES 2015 SP1. 


cat /etc/*-release 


Ensure that all the RPMs are up to date after an upgrade. You may use the following command 
to see the list of RPMs and compare them with a fresh installation of OES 2015 SP1 or an 
installation source. 


rpm -qa | sort >> <type the filename where the list of rpms will be stored> 


Continue with “What's Next” on page 159. 


5.11 Moving to Common Proxy Users After an Upgrade

After you successfully upgrade to OES 2015 SP1, it is recommended to run the
move_to_common_proxy.sh script as a post-upgrade activity. This script moves services (CIFS, DNS,
DHCP, iFolder, NetStorage, NCS and LUM) that use a service-specific proxy user to a common proxy
user. A common proxy user helps you avoid the administrative overhead that occurs with multiple
proxy users.


NOTE: Two nodes in a tree cannot have the same common proxy user. 


1 After migrating to OES 2015 SP1, use the following commands to identify the list of services that
use common proxy users and service-specific proxy users:

cd /opt/novell/proxymgmt/bin 

./retrieve_proxy_list.sh 

cat /var/opt/novell/log/proxymgmt/pxylist.txt 

Use the following command to move the services that are not using the common proxy user: 


./move_to_common_proxy.sh -d <LDAP Admin FDN> -w <LDAP Admin Password> -i <LDAP 
server IP address> -p <LDAP port> -s <service name> 


Use a comma to separate multiple services. To move all services, use the keyword ‘all’ in the 
service name. 


For example, to move the LUM service, the command would be: 


./move_to_common_proxy.sh -d cn=admin,o=novell -w novell -i 192.168.1.255 -p 
636 -s novell-LUM 


IMPORTANT: If you choose to provide your own password, it should conform to the policy that is 
in effect for common proxy user. If the password contains single (') or double (") quotes, OES 
configuration fails. Quotes must be escaped by prefixing them with a backslash \. For example, 
to add a single quote, escape it as nove\'ll. The system-generated password always conforms to 
the policy rules.

After moving to common proxy user, verify the value of the field CONFIG_LDAP_PROXY_CONTEXT in the
file /etc/sysconfig/novell/oes-ldap. If the value is empty or not in the format
cn=OESCommonProxy_<short hostname>, <common proxy context>, you must do the following to
avoid any failures during upgrade:

1 Run the command /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username.

2 Copy the output received and paste it as the value for the field CONFIG_LDAP_PROXY_CONTEXT in
the file /etc/sysconfig/novell/oes-ldap.


5.12 What's Next 


After you complete the upgrade and verify that it was successful, see “Completing OES Installation or 
Upgrade Tasks” on page 161.

Completing OES Installation or Upgrade Tasks

This section provides information for completing the following tasks:

+ Section 6.1, “Determining Which Services Need Additional Configuration,” on page 161
+ Section 6.2, “Rebooting the Server after Installing NSS,” on page 162
+ Section 6.3, “Restarting Tomcat,” on page 163
+ Section 6.4, “Launching and Configuring Firefox for Linux,” on page 163
+ Section 6.5, “Implementing Digital Certificates in an OES Environment,” on page 163

6.1 Determining Which Services Need Additional Configuration


NOTE: For information on configuring OES services as a different administrator than the one who 
originally installed the OES server, see Section 2.4.4, “Adding/Configuring OES Services as a 
Different Administrator,” on page 22. 


Depending on the products you have installed, there might be some tasks that you must complete 
before you can use individual service components. 


For more information, see “Caveats for Implementing OES 2015 SP1 Services” in the OES 2015 
SP1: Planning and Implementation Guide. 


If a component requires additional configuration that is not part of the Open Enterprise Server (OES)
2015 SP1 installation, see the component's administration guide for more information. The following
table includes links to the installation and configuration information for most OES 2015 SP1 services.


Table 6-1 OES 2015 SP1 Services Additional Installation and Configuration Instructions 


OES 2015 SP1 Service | For Additional Installation and Configuration Information
Domain Services for Windows | See “Installing Domain Services for Windows” in the OES 2015 SP1: Domain Services for Windows Administration Guide.
Novell AFP | See “Installing and Setting Up AFP” in the OES 2015 SP1: Novell AFP for Linux Administration Guide.
Novell Backup/Storage Management Services (SMS) | See “Installing and Configuring SMS” in the OES 2015 SP1: Storage Management Services Administration Guide for Linux.
Novell CIFS | See “Installing and Setting Up CIFS” in the OES 2015 SP1: Novell CIFS for Linux Administration Guide.
Novell Cluster Services | See “Installing, Configuring, and Repairing Novell Cluster Services” in the OES 2015 SP1: Novell Cluster Services for Linux Administration Guide.
Novell DHCP | See “Installing and Configuring DHCP” in the OES 2015 SP1: DNS/DHCP Services for Linux Administration Guide.
Novell DNS | See “Installing and Configuring DNS” in the OES 2015 SP1: DNS/DHCP Services for Linux Administration Guide.
NetIQ eDirectory 8.8 | See “Installing or Upgrading NetIQ eDirectory on Linux” in the NetIQ eDirectory 8.8 SP8 Installation Guide.
Novell iFolder 3.9 | When you configure iFolder as part of the OES install and configuration, you can specify only an EXT3 or ReiserFS volume location for the System Store Path, which is where you are storing iFolder data for all your users. You cannot create NSS volumes during the system install. If you want to use an NSS volume to store iFolder data, you must reconfigure iFolder after the initial OES installation. To reconfigure, use Novell iManager to create an NSS volume, then go to YaST > Open Enterprise Server > Install and Configure Open Enterprise Services and select iFolder 3.9 to enter new information. All previous configuration information is removed and replaced. See “Installing and Configuring iFolder Services” in the Novell iFolder 3.9.2 Administration Guide.
Novell iManager 2.7.7 | See “Installing iManager” in the NetIQ iManager Installation Guide.
Novell iPrint | See “Installing and Setting Up iPrint on Your Server” in the OES 2015 SP1: iPrint Linux Administration Guide.
Novell Linux User Management | See “Setting Up Linux User Management” in the OES 2015 SP1: Linux User Management Administration Guide.
Novell NCP Server | See “Installing and Configuring NCP Server for Linux” in the OES 2015 SP1: NCP Server for Linux Administration Guide.
Novell NetStorage | See “Installing NetStorage” in the OES 2015 SP1: NetStorage Administration Guide for Linux.
Novell Remote Manager | See “Changing the HTTPSTKD Configuration” in the OES 2015 SP1: Novell Remote Manager Administration Guide.
Novell Samba | See “Installing the Novell Samba Components” in the OES 2015 SP1: Novell Samba Administration Guide.
Novell Storage Services | See “Installing and Configuring Novell Storage Services” in the OES 2015 SP1: NSS File System Administration Guide for Linux.
Pre-Migration Server | See “Preparing for Transfer ID” in the OES 2015 SP1: Migration Tool Administration Guide.


6.2 Rebooting the Server after Installing NSS


If you install Novell Storage Services (NSS) on an existing OES server, enter rcnovell-smdrd 
restart at the terminal prompt or reboot the server before performing any backups, restores, or 
server consolidations on the NSS file system. 
6.3 Restarting Tomcat


If you install iManager after the server has been installed, Tomcat is not running and you must restart 
it to run iManager. 


To restart Tomcat, enter the following command at a command line prompt. 


/etc/init.d/novell-tomcat6 restart 


6.4 Launching and Configuring Firefox for Linux 


After upgrading to OES 2015 SP1, you need to launch and configure Mozilla Firefox before accessing 
other applications via a URL. 


For example, you cannot configure the Novell Customer Center from YaST until Firefox is
configured.


To configure Firefox: 


1 On the GNOME desktop, click Computer > Firefox. 
or 
On the KDE desktop, click the Main Menu icon > Browse > Web Browser > Firefox. 


2 When Firefox opens, configure the browser by supplying all of the information that it requests. 
After Firefox is ready to browse the Internet, it is also ready to be used with OES. 


6.5 Implementing Digital Certificates in an OES 
Environment 


In an OES environment, you can make all communications secure by implementing a verified secure 
digital certificate. These certificates should be issued and signed by a Certificate Authority (CA). The 
CA can be a trusted third-party vendor or your own organizational CA. 


This section describes the procedures to implement digital certificates in an OES environment. 


6.5.1 Configuring the Digital Certificate 


In an eDirectory environment, create a subordinate certificate authority that allows the organization 
CA to be subordinate to a trusted third-party CA or a CA in another eDirectory tree. For more 
information on why you should create a subordinate certificate authority, see Subordinate Certificate 
Authority in the Novell Certificate Server 3.3.8 Administration Guide. 


To configure the digital certificate: 


1 Create the Certificate Signing Request (CSR) file from your OES environment. For detailed 
instructions, see Step 1 in Creating a Subordinate Certificate Authority in the Novell Certificate 
Server 3.3.8 Administration Guide. 


2 Get the CSR signed by a trusted third-party CA or another eDirectory tree. For detailed 
instructions, see Step 2 in Creating a Subordinate Certificate Authority in the Novell Certificate 
Server 3.3.8 Administration Guide. 


3 Acquire the signed CA certificate from the third-party CA or another eDirectory tree. For detailed 
instructions, see Step 3 in Creating a Subordinate Certificate Authority in the Novell Certificate 
Server 3.3.8 Administration Guide. 
4 Import the signed CA certificates into your OES environment. For detailed instructions, see Step
4 in Creating a Subordinate Certificate Authority in the Novell Certificate Server 3.3.8
Administration Guide.


5 Export the public or private keys to a PKCS#12 file in your OES environment. For detailed 
instructions, see Step 5 in Creating a Subordinate Certificate Authority in the Novell Certificate 
Server 3.3.8 Administration Guide. 


NOTE: If you already have a certificate signed by a third-party CA, skip Step 2 and Step 3. 


For more information on creating and importing certificates using third-party vendors such as 
VeriSign or RapidSSL, see the TID on How to import a Production VeriSign External Certificate 
into eDirectory using iManager (3033173). 
The following services must be reconfigured so that they use the latest verified certificate:
LDAP, Apache, and LUM.


Reconfiguring LDAP 


To point the LDAP server object to the verified certificate: 


1 Log in to iManager with administrative privileges. 


2 Click the LDAP > LDAP Options > View LDAP Groups tab and the LDAP group, then select the 
Require TLS for Simple Binds with Password check box. 


3 Click Apply and OK. 


4 Click the LDAP Options > View LDAP Servers tab, then click the LDAP server > Connections. In 
the Server Certificate text box, search for and select the certificate that you created. 


5 Click Apply and OK. 
6 Repeat Step 4 and Step 5 for all the LDAP servers in the LDAP group. 


Reconfiguring Apache 


• If you have used an eDirectory SSL certificate, see the TID on How to use eDirectory SSL
  certificates for Apache2 on SLES OES (7014029) to reconfigure Apache.

• If you have used a third-party SSL certificate, see the TID on Using Apache SSL default
  certificates or third party certificates on SLES (7004384) to reconfigure Apache.


Reconfiguring LUM 


For LUM to use the latest signed certificate: 


1 Import an SSL certificate to the local machine using the namconfig -k command. 
2 Refresh the nam settings using the namconfig cache_refresh command. 


For example, to view the certificate details, execute the
openssl x509 -in /var/lib/novell-lum/.198.162.1.1.der -noout -inform der -text command.
Installing and Configuring NSS Active Directory Support


This section describes the procedures to install and configure Novell Storage Services Active
Directory (NSS AD) support afresh, or after upgrading to OES 2015 SP1.

• Section 7.1, “Understanding the NSS AD Support,” on page 165
• Section 7.2, “NSS AD Support Matrix,” on page 168
• Section 7.3, “Prerequisites for Installing and Configuring NSS AD,” on page 169
• Section 7.4, “Installing or Upgrading to OES 2015 SP1 with NSS AD Support,” on page 170
• Section 7.5, “About Novell Identity Translator (NIT),” on page 175


7.1 Understanding the NSS AD Support


Beginning with OES 2015, Active Directory users, like eDirectory users, can natively
access the NSS resources, administer those resources, and provision rights for Active Directory
trustees. OES 2015 or later enables you to join an Active Directory domain and provide seamless
access to Active Directory identities for using NSS resources. OES does not duplicate identities
across eDirectory and Active Directory, so users in an Active Directory environment can
access NSS resources without existing in eDirectory. This solution is called Novell
Storage Services Active Directory (NSS AD) Support.


To understand NSS AD, it is essential to know how NSS resource access worked until OES 11 SP2 and
how it works beginning with OES 2015.


7.1.1 NSS Resource Access Until OES 11 SP2


The following illustration, in a nutshell, depicts how authentication, authorization, and file access was 
until OES 11 SP2. 
File Access


In the traditional OES file access model, Windows and Linux workstations use the CIFS protocol for
file access. Novell Client software for both Windows and Linux uses the NetWare Core Protocol
(NCP) to provide the file services, and Macintosh workstations communicate using AFP or CIFS. To
access NSS resources using FTP, Samba, SSH, and SCP, users must be LUM-enabled.


Authentication

Only eDirectory is supported as an identity source. All file service access is controlled by eDirectory 
authentication. 


Authorization 


The authorization to access NSS resources using NCP and CIFS happens at the respective protocol
level. On the other hand, users trying to access NSS resources using AFP, FTP, Samba, SSH, and
SCP are authorized at the NSS file system level.


Management Tools and Interfaces 


OES provides the following set of management interfaces and tools to manage your network. 
Rights Management: iManager, rights utility, NCPCON utilities, Novell Client for Windows and
Novell Client for Linux


User Management: iManager 


Storage Management: iManager, NRM (DST Policy Management, primary shadow volume 
management and so on), NSSMU, and NLVM. 


7.1.2 NSS Resource Access Beginning with OES 2015 or Later 


The following diagram, in a nutshell, depicts how authentication, authorization, and file access will be 
beginning with OES 2015 or later. 
File Access


Beginning with OES 2015 or later, Active Directory users can authenticate to Active Directory and 
natively access NSS resources using only the CIFS protocol. NSS file access for Active Directory 
users using NCP, FTP, AFP, and Samba is not supported. 


File access for eDirectory users is unchanged. For more information about file
access for eDirectory users, see “File Access” on page 166 under Section 7.1.1, “NSS Resource
Access Until OES 11 SP2,” on page 165.


Authentication 


Beginning with OES 2015 or later, both eDirectory and Active Directory are supported as an identity 
source, and OES enables the NSS file system to accept Active Directory identities as trustees. 


CIFS identifies the type of user trying to access the NSS resource and authenticates the user using
the respective identity source. For example, when an Active Directory user attempts to access an NSS
resource, authentication is controlled by Active Directory using Kerberos. On the other hand, for
eDirectory users, authentication is controlled by eDirectory.


Authentication of eDirectory users using NCP, AFP, FTP, Samba, SSH, and SCP is controlled by 
eDirectory. 


Authorization 


For both eDirectory and Active Directory users using CIFS, the authorization happens at the NSS 
level. 


For eDirectory users using NCP, the authorization happens at the NCP level. For eDirectory users using
AFP, FTP, Samba, SSH, and SCP, the authorization happens at the NSS level.


Management Tools and Services 


OES 2015 introduces some new tools which are used along with the existing tools to manage your 
network. 


Rights Management: NFARM (AD only), iManager (eDirectory only), rights utility (supports AD and
eDirectory), Novell Client for Windows and Linux (eDirectory only), NCPCON utilities (eDirectory
only).


User Management: iManager (only eDirectory). Active Directory users are managed with
native AD tools such as MMC (Microsoft Management Console).


Storage Management: iManager, NRM (DST Policy Management, primary shadow volume 
management and so on), NSSMU and NLVM. 


User and ACL Mapping: OES User Rights Management (NURM) is a tool that helps to create and
save the mapping of eDirectory and Active Directory users. It is then used to assign ACLs and write
them on to NSS media. After mapping, every AD identity that has been mapped to an eDirectory user,
group, or container will get the same rights on the NSS resource as that of an eDirectory identity.


Identity Translator: Novell Identity Translator (NIT) is an identity translator that generates or fetches 
UIDs based on the configuration and allows eDirectory and Active Directory users to access NSS 
resources natively. For more information, see Section 7.5, “About Novell Identity Translator (NIT),” on 
page 175. 


7.2 NSS AD Support Matrix


• OES 2015 SP1: SLES 11 SP4

• Active Directory: Active Directory running on Windows 2008, Windows 2008 R2, Windows
  2012, and Windows 2012 R2. Beginning with OES 2015 SP1, both single and multiple forests are
  supported.

• OES File Access Rights Management Utility (NFARM): Windows 10, Windows 8.1, Windows
  8, Windows 7 SP1, Windows 7, Windows 2012 R2, Windows 2012, Windows 2008 R2, and
  Windows 2008.

• OES User Rights Map Utility (NURM): Any web browser that supports HTML5, CSS3, and
  JavaScript.


7.3 Prerequisites for Installing and Configuring NSS 
AD 


• Active Directory: Ensure that you have a working AD server, and the OES 2015 SP1 server
  must resolve the DNS name of the AD domain controller in the domain to which the server will be
  joined.

    • Single Forest Environment: Create a Universal Group with the sAMAccountName
      "OESAccessGrp" anywhere in the AD forest. Only the members of this group will have
      access to the NSS resources based on their trustee assignments. In the absence of this group,
      all the AD users in the forest can access the NSS resources based on their trustee
      assignments.

    • Multi Forest Environment: Create a Domain Local Group (DLG) with the
      sAMAccountName "DLOESAccessGrp" in the AD domain to which this OES server is
      joined. Only the members of this group (OES forest and across forest) will have access to
      the NSS resources based on their trustee assignments. In the absence of this group, the AD
      users across the forest cannot access the NSS resources.

• Reverse Lookup Entry for the AD Server: The AD server's reverse lookup entry (IPv4 and IPv6)
  must exist in the DNS server before the domain join operation is performed.

• Time Synchronization: The clocks must be synchronized between the OES 2015 SP1 server and
  the Active Directory server.

• DNS A Record: To access the shared resource on OES, add a DNS A record for the NetBIOS name of
  the host or cluster resource.

• DNS Nslookup Entry for the AD Server: Ensure that the AD server can be resolved using its DNS
  Nslookup entry.

• Rights Required for the Domain Join: The AD domain administrator or any AD user who has
  the rights to change password, reset password and create container objects on an AD server can
  be used for the domain join process.

• Novell Identity Translator (NIT): NIT can operate in two modes: Fetch and Generate. If you
  decide to generate UIDs, plan and select a UID range that does not conflict with LUM
  and Linux UID ranges. If you opt for the fetch mode, UID should exist in AD and the UID number
  attributes must be replicated to the global catalog. Only then will NIT be able to fetch the
  users’ UID for authorization. For more information on replicating the UIDs to the global catalog.

  NOTE: If NIT is configured in generate mode, it generates UIDs even for users who already
  have a UID stored in AD. For more information on NIT, see NIT (Novell Identity Translator) in
  OES 2015 SP1: NSS AD Administration Guide.

• NSS AD Coexistence with Other OES Services: When you configure and install NSS AD,
  ensure that you do not opt to install Novell SAMBA and DSfW on the same server where NSS
  AD will be installed and configured.

• NSS AD’s Dependency on CIFS Service: Before installing and configuring NSS AD, ensure
  that the CIFS service is installed and running.

• Cluster Recommendation: In a cluster environment, if you plan to upgrade to OES 2015 SP1
  with NSS AD support, it is recommended to upgrade all the cluster nodes to OES 2015 SP1.
  NSS cluster resources whose pools have not been NSS AD Media upgraded, volumes AD-enabled,
  and joined to the AD domain will not be accessible for AD users. For more information
  on joining the cluster resources to the AD domain, see “Joining Cluster Pools to the AD Domain”
  in the OES 2015 SP1: NSS File System Administration Guide for Linux. You could also use the
  novell-ad-util CLI tool for the domain join. For more information, see “novell-ad-util
  Command Line Utility” in the OES 2015 SP1: NSS AD Administration Guide.


7.4 Installing or Upgrading to OES 2015 SP1 with NSS 
AD Support 


Here’s how you can install and configure NSS AD afresh or after an upgrade to OES 2015 SP1. 


• Section 7.4.1, “Resolving the AD DNS Name from OES 2015 SP1,” on page 172
• Section 7.4.2, “Installing and Configuring NSS AD Support,” on page 172
• Section 7.4.3, “Validating the NSS AD Configuration,” on page 174

• For information on installing or upgrading to OES 2015 SP1, domain join, and NIT configuration,
  see Section 7.4.2, “Installing and Configuring NSS AD Support,” on page 172.

• After installing and configuring NSS AD:

    • Media-upgrade the local pools and AD-enable the local volumes to support AD users. For
      more information on NSS Media upgrade and AD-enabling, see “NSS Media Upgrade
      Commands” and “Volume AD-enabling” in the OES 2015 SP1: NSS File System
      Administration Guide for Linux.

    • Upgrade your cluster resources to support AD users. Join all cluster pools to the AD domain
      using NSSMU (see “NSS Management Utility (NSSMU) Quick Reference” in the OES 2015
      SP1: NSS File System Administration Guide for Linux), upgrade all cluster pools media and
      AD-enable the volumes. For more information on media upgrade, and AD-enabling, see
      “NSS Media Upgrade Commands” and “Volume AD-enabling” in the OES 2015 SP1: NSS
      File System Administration Guide for Linux. NSS AD media upgrade is required only for
      NSS32 bit pools, and AD-enabling of volumes must be done for both NSS32 and NSS64
      pools.

• To enable AD users to access the NSS resources, they need to be provisioned with sufficient
  rights. Use the Novell Rights Map utility to map users and rights between eDirectory and Active
  Directory users. For more information, see “OES User Rights Management (NURM)” in the OES
  2015 SP1: NSS File System Administration Guide for Linux.

• To manage AD users’ rights, user quota, owner information, directory quota and so on, use
  Novell File Access Rights Management or rights utility. For more information, see “OES File
  Access Rights Management (NFARM)” and “rights” in the OES 2015 SP1: NSS File System
  Administration Guide for Linux.


There is no change with the way you install or upgrade to OES 2015 SP1, except in the Novell 
Storage Services AD Support Configuration screens. 


7.4.1 Resolving the AD DNS Name from OES 2015 SP1


To make OES 2015 SP1 with NSS AD work properly, ensure that the AD server and the OES 2015 SP1
server are mutually resolvable. If they cannot resolve each other, do not proceed with the NSS AD
installation. Your Domain Search name and Name Server entries might be incorrect.


7.4.2 Installing and Configuring NSS AD Support 


After resolving the AD DNS Name from the OES 2015 SP1 server, under the OES Patterns screen, 
select Novell Storage Service AD Support pattern and specify the following details: 
• AD Domain Name: Specify the appropriate AD domain name.

• AD Supervisor Group: Specify the AD supervisor group name. The AD users belonging to this
  group will have supervisory rights for all the volumes associated with that OES server.

• AD User Name: Specify the user name that can be used for the domain join operation. This user
  should have the following privileges: rights to reset password, create computer objects, delete
  computer objects, and read and write the msDs-supportedEncryptionTypes attribute.

• Password: Specify the appropriate password of the user who is used for the domain join
  operation.

• Container to Create Computer Object: You can specify the container under which the OES
  2015 SP1 computer object will be created. The default container is cn=computers. If you have
  already created an OES 2015 SP1 computer object in the AD server, select Use pre-created
  computer object, then specify the container name where the pre-created OES computer object
  exists.

• NIT - Novell Identity Translator Configuration: If you want NIT to generate UIDs for AD
  users, select Generate UID for AD users, then specify the UID range. The default range is from
  100000 to 200000. If you want NIT to fetch UIDs, do not select the Generate UID for AD users
  option.
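
The NIT prerequisite asks for a generate-mode UID range that does not conflict with LUM and Linux UID ranges, and the option above defaults to 100000 to 200000. The following added example, which is not part of the Novell documentation, checks a planned range against passwd-format and login.defs-format input. The function names and sample data are constructed, and it is an assumption that LUM accounts appear in the passwd input (on a live server, the output of getent passwd); LUM's own range setting is not read.

```shell
#!/bin/sh
# Added example (not from the OES guide): look for conflicts between a
# planned NIT UID range and the UIDs already in use on the server.

# Print "name:uid" for each passwd-format line on stdin whose UID lies in
# the inclusive range $1..$2.
uids_in_range() {
    awk -F: -v lo="$1" -v hi="$2" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }'
}

# Print "UID_MIN UID_MAX" from login.defs-format input on stdin.
login_defs_range() {
    awk '$1 == "UID_MIN" { min = $2 } $1 == "UID_MAX" { max = $2 }
         END { print min, max }'
}

# Succeed if the inclusive ranges $1..$2 and $3..$4 share any UID.
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# $1 = low, $2 = high, $3 = passwd-format file, $4 = login.defs-format file.
# Prints findings; returns 0 if clean, 1 on a conflict, 2 on a bad range.
check_nit_range() {
    cnr_rc=0
    if [ "$1" -gt "$2" ]; then
        echo "INVALID range $1-$2"
        return 2
    fi
    cnr_defs=$(login_defs_range < "$4")
    cnr_min=${cnr_defs% *}
    cnr_max=${cnr_defs#* }
    if [ -n "$cnr_min" ] && [ -n "$cnr_max" ] &&
        ranges_overlap "$1" "$2" "$cnr_min" "$cnr_max"; then
        echo "OVERLAP with local account range $cnr_min-$cnr_max"
        cnr_rc=1
    fi
    cnr_hits=$(uids_in_range "$1" "$2" < "$3")
    if [ -n "$cnr_hits" ]; then
        echo "IN USE: $(echo "$cnr_hits" | tr '\n' ' ')"
        cnr_rc=1
    fi
    if [ "$cnr_rc" -eq 0 ]; then
        echo "OK $1-$2"
    fi
    return "$cnr_rc"
}

# Write constructed sample files into directory $1.
write_nit_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
svc_scan:x:100250:100:Constructed service account:/var/lib/scan:/bin/false
EOF
    cat > "$1/login.defs" <<'EOF'
# constructed sample
UID_MIN                  1000
UID_MAX                 60000
EOF
}

nit_demo_dir=$(mktemp -d)
write_nit_samples "$nit_demo_dir"
check_nit_range 100000 200000 "$nit_demo_dir/passwd" "$nit_demo_dir/login.defs" || true
check_nit_range 300000 400000 "$nit_demo_dir/passwd" "$nit_demo_dir/login.defs" || true
rm -rf "$nit_demo_dir"
```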
7.4.3 Validating the NSS AD Configuration


After successfully installing and configuring NSS AD, you should find an entry for the cluster node 
object created in the Active Directory Users and Computers screen of the AD server as shown in the 
following image. 


[Figure: Active Directory Users and Computers console. The tree shows Saved Queries and the domain
with its Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals, Managed Service
Accounts, and Users containers; the list pane has Type and Description columns and shows an
object of type Computer.]


You can also execute the klist -k command and verify that the default keytab entries are created as
shown below.


tstsrv:~/Desktop # klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
   2 tstsrv$@ACME.COM
   2 tstsrv$@ACME.COM
   2 tstsrv$@ACME.COM
   2 cifs/tstsrv.acme.com@ACME.COM
   2 cifs/tstsrv.acme.com@ACME.COM
   2 cifs/tstsrv.acme.com@ACME.COM
   2 cifs/tstsrv@ACME.COM
   2 cifs/tstsrv@ACME.COM
   2 cifs/tstsrv@ACME.COM
   2 host/tstsrv.acme.com@ACME.COM
   2 host/tstsrv.acme.com@ACME.COM
   2 host/tstsrv.acme.com@ACME.COM
tstsrv:~/Desktop #


This command updates the default keytab, /etc/krb5.keytab and /etc/krb5.conf files. OES 2015
SP1 supports the three strongest encryption types: AES128, AES256, and RC4HMAC. For each encryption
type, an entry is made in the default keytab.
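
Because one keytab entry is made per encryption type, each principal in the klist -k listing should appear three times. The following added example, which is not part of the Novell documentation, counts the entries per principal and flags any that fall short. The function names and the sample listing are constructed, and the four principal names checked are taken from the sample output above.

```shell
#!/bin/sh
# Added example (not from the OES guide): confirm that "klist -k" lists one
# keytab entry per supported encryption type for each expected principal.

# Count keytab rows for the principal in $1. Reads "klist -k" output on
# stdin. Data rows look like "<KVNO> <principal>"; header lines are skipped
# because their first field is not a number.
keytab_entry_count() {
    awk -v want="$1" '$1 ~ /^[0-9]+$/ && $2 == want { n++ } END { print n + 0 }'
}

# Check the four principals shown in the guide's sample listing.
# $1 = short hostname, $2 = fully qualified hostname, $3 = Kerberos realm.
# Reads "klist -k" output on stdin, prints one line per principal, and
# returns 1 if any principal has fewer than three entries.
check_keytab() {
    ck_out=$(cat)
    ck_rc=0
    for ck_p in "$1\$@$3" "cifs/$2@$3" "cifs/$1@$3" "host/$2@$3"; do
        ck_n=$(printf '%s\n' "$ck_out" | keytab_entry_count "$ck_p")
        if [ "$ck_n" -ge 3 ]; then
            echo "OK $ck_p $ck_n"
        else
            echo "INCOMPLETE $ck_p $ck_n"
            ck_rc=1
        fi
    done
    return "$ck_rc"
}

# Constructed sample modelled on the guide's listing. One cifs/tstsrv row is
# deliberately left out so that the check reports a failure.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
   2 tstsrv$@ACME.COM
   2 tstsrv$@ACME.COM
   2 tstsrv$@ACME.COM
   2 cifs/tstsrv.acme.com@ACME.COM
   2 cifs/tstsrv.acme.com@ACME.COM
   2 cifs/tstsrv.acme.com@ACME.COM
   2 cifs/tstsrv@ACME.COM
   2 cifs/tstsrv@ACME.COM
   2 host/tstsrv.acme.com@ACME.COM
   2 host/tstsrv.acme.com@ACME.COM
   2 host/tstsrv.acme.com@ACME.COM
EOF
}

sample_klist_output | check_keytab tstsrv tstsrv.acme.com ACME.COM || true

# On a server (the realm is the upper-case AD domain name):
#   klist -k | check_keytab "$(hostname -s)" "$(hostname -f)" ACME.COM
```

A principal reported as INCOMPLETE means the keytab lacks a key for at least one of the three encryption types for that principal.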
7.5 About Novell Identity Translator (NIT)


The Novell Identity Translator (NIT) is a new service in OES 2015 as briefly explained in the following 
sections: 


• A New NSS Authorization Model
• Not All Users Have UIDs
• Ensuring that Your CIFS-NSS Users Have UIDs
• Which OES Components Rely on NIT


For more information, see NIT (Novell Identity Translator) in the OES 2015 SP1: NSS AD 
Administration Guide. 


A New NSS Authorization Model


OES includes a new authorization model for CIFS-user access to NSS volumes.


The new model requires that eDirectory and Active Directory (AD) users all have unique User IDs 
(UIDs). 


Not All Users Have UIDs 


• eDirectory: LUM-enabled eDirectory users have UIDs; non-LUM-enabled eDirectory users do
  not.

• Active Directory: Generally speaking, AD users don’t have UIDs, but AD can be configured to
  assign the uidNumber attribute to users when required.


Ensuring that Your CIFS-NSS Users Have UIDs 


The Novell Identity Translator (NIT) lets you ensure that all users requiring NSS authorization have 
the required UIDs. 


• eDirectory: When NIT is properly configured, all eDirectory users can access NSS using Novell
  CIFS, as summarized in Table 7-1.

  Table 7-1 NIT Guarantees UIDs for All eDirectory Users

  User UID Status in eDirectory | What NIT Does
  LUM-enabled user | Retrieves the UID from eDirectory
  Non-LUM-enabled user | Generates a UID within the specified UID range

• Active Directory: If needed, you can configure NIT to simply retrieve and pass along UIDs that
  are set in Active Directory by deselecting the Generate UIDs for AD Users option when you
  Configure the NSS for Active Directory service. However, you must then ensure that all AD users
  who need access to NSS through CIFS have the uidNumber attribute set on their AD account.
  This caveat is summarized in Table 7-2.
Table 7-2 NIT Must Be Properly Configured to Guarantee UIDs for Active Directory Users Who Need Them

UIDs in Active Directory | UID Generation | What NIT Does
The uidNumber attribute is set for some or all AD users. Those users have a UID number in Active Directory. | Enabled | Generates UIDs within the specified UID range for all AD users needing NSS access. The uidNumber attribute in Active Directory is ignored.
The uidNumber attribute is set for some or all AD users. Those users have a UID number in Active Directory. | Disabled | Retrieves the uidNumber from Active Directory when available. Users without a uidNumber cannot access NSS.
The uidNumber attribute is not set for any AD users. No AD users have a UID number in Active Directory. | Enabled | Generates UIDs within the specified UID range for all AD users needing NSS access.
The uidNumber attribute is not set for any AD users. No AD users have a UID number in Active Directory. | Disabled | No users can access NSS because none of them has a UID.


Which OES Components Rely on NIT


NIT is used as an infrastructure component by various OES components, including Novell CIFS,
NSS, and SMS.
Updating (Patching) an OES 2015 SP1 Server


Updating an Open Enterprise Server (OES) 2015 SP1 Linux server is essentially the same as 
updating a SUSE Linux Enterprise Server (SLES) 11 SP4 server except that you apply patches for 
both SLES 11 SP4 and OES 2015 SP1. 


Updating your server with the patches released by Novell requires you to perform the following
tasks, either during the installation or upgrade or after the installation or upgrade is complete. The
instructions in this section are for patching the server after the installation or upgrade is complete.

• Section 8.1, “Overview of Updating (Patching),” on page 177
• Section 8.2, “Preparing the Server for Updating,” on page 178
• Section 8.3, “Registering the Server in the Novell Customer Center,” on page 179
• Section 8.4, “Updating the Server,” on page 182
• Section 8.5, “Verifying That Your Repository Subscriptions Are Up-to-Date,” on page 185
• Section 8.6, “Frequently Asked Questions about Updating,” on page 185
• Section 8.7, “Patching From Behind a Proxy Server,” on page 185
• Section 8.8, “GUI Based Patching,” on page 186
• Section 8.9, “Using SUSE Manager to Patch an OES Server,” on page 186
• Section 8.10, “Installing the Latest iManager NPMs After Applying OES Patches,” on page 187
• Section 8.11, “Restarting the OES Instance of Tomcat After Applying a Tomcat Update,” on
  page 188


8.1 Overview of Updating (Patching) 


• Section 8.1.1, “The Patch Process Briefly Explained,” on page 177
• Section 8.1.2, “Update Options,” on page 178


8.1.1 The Patch Process Briefly Explained 


The OES 2015 SP1 patch process consists of the following steps:

1. The patch tool (zypper, Package Kit, or YaST Online Update [YOU]) checks for available patches
   on its configured patch update repositories and displays them for selection.

2. The patch administrator selects which patches to apply.

3. The patch tool checks cross-dependencies and displays any messages regarding situations or
   conflicts that require administrator input.

4. The patches are downloaded.

   If any downloaded patches contain information or instructions, these are displayed for
   administrator acknowledgement. For example, administrators might be instructed to restart a
   service or run a configuration script file to complete the process after the patch process
   completes.

5. After all of the messages have been acknowledged, the downloaded patches are installed.

6. The administrator is prompted to restart the server.


8.1.2 Update Options


OES 2015 SP1 administrators have three options for updating servers with patches from Novell. 


• Novell Online Update Servers: For those who don’t require an internal update source, OES
  2015 SP1 servers can be easily configured to directly access the online patch repository.
  Instructions for doing this are included in the sections that follow.

• Subscription Management Tool (SMT) for SUSE Linux Enterprise: This product doesn’t
  require a separate license. It lets you host patches from the Novell online update repository on a
  server, which provides more security and greatly reduces Web traffic related to server updates.
  SMT is available for download on the Novell Download Site
  (http://download.novell.com/Download?buildid=5YxjWD8_ZZk-~).

• ZENworks Linux Management: An enterprise-level product that requires a separate license. It
  provides updates for SUSE Linux Enterprise, OES, and Red Hat Enterprise Linux (RHEL)
  products. In addition to hosting updates for download, ZENworks Linux Management is also
  capable of pushing the updates to targeted devices through a single Web interface. For more
  information about ZENworks Linux Management, see its product page on Novell.com
  (https://www.novell.com/documentation/zenworks11/zen11_cm_linuxpkg_mgmt/data/bvjhr7p.html).


IMPORTANT: OES patches are not cumulative. A patch update to a specific component does not 
necessarily contain all related RPMs for that component. When you patch a server that has any 
version of OES, either by directly using the update catalogs from nu.novell.com or by mirroring the 
update catalogs from nu.novell.com to a local SMT or ZCM server, you must apply all available 
patches as they are offered through the official update repositories. Do not apply partial patches, or 
apply patches intermittently or out of sequence. 


Each patch release assumes that you will apply the new patches to a fully patched system, and that 
you will apply all of the patches in the release. We do not support applying only selected patches from 
a specific scheduled maintenance patch, skipping a scheduled maintenance patch, or applying 
patches out of their intended order. 


NOTE: If the OES 2015 SP1 server is patched after January 2019, a message prompting you to 
import the new keys found in the repository is displayed. For more information, see Appendix C, 
“Importing New Build Keys to the Keyring,” on page 271. 


Preparing the Server for Updating 


1 Make sure you have installed all the services that you need on the server. 
2 Before starting your update, make note of the root partition and available space. 


If you suspect you are running short of disk space, secure your data before updating and 
repartition your system. There is no general rule regarding how much space each partition 
should have. Space requirements depend on your particular partitioning profile and the software 
selected. 


The df -h command lists the device name of the root partition. In the following example, the root 
partition to write down is /dev/sda2 (mounted as /). 


Example: List with df -h. 

In particular, ensure that you have enough space in /var/cache/zypp/, where the update process 
downloads all the updates. 


Depending on the number of patches that you are going to apply, you might need about 3 GB for 
OES 2015 SP1. 


3 Before updating the server, secure the current data on the server. 


Copy all configuration files to a separate medium, such as a streamer, removable hard disk, USB 
stick, or ZIP drive. This primarily applies to files stored in /etc as well as some of the directories 
and files in /var and /opt. You might also want to write the user data in /home (the HOME 
directories) to a backup medium. Back up this data as root. Only root has read permission for 
all local files. 


Registering the Server in the Novell Customer 
Center 


Before you can patch an OES 2015 SP1 server with updates from Novell, you must register the 
server either during installation or later by using the instructions in this section. 


If you register through evaluation codes, your server can receive patches for only 60 days, at which 
time the codes expire. 


You need to register each server with the Novell Customer Center only once. After you have 
registered the server, you can update the server at any time. This includes replacing evaluation codes 
with purchased codes. You can use the desktop interface (GUI) or the command line to accomplish 
this task. 


This section contains the following information: 


+ Section 8.3.1, “Prerequisites,” on page 179 

+ Section 8.3.2, “Registering the Server in the Novell Customer Center Using the Command Line,” 
on page 180 

+ Section 8.3.3, “Registering the Server in the Novell Customer Center Using the GUI,” on 
page 180 


Prerequisites 


To complete these procedures, you must have the following: 
+ A Novell Customer Center account or access to an account. 


For more information about creating a Novell Customer Center account, see “Creating an 
Account” in the Novell Customer Center User Guide 
(http://www.novell.com/documentation/ncc/ncc/data/b5exp8k.html#b5exj2f). This is the same 
account that you use for Bugzilla. 

+ The activation codes for SLES and OES 2015 SP1 that you received when you purchased your 
product. 


+ An established connection to the Internet. 


8.3.2 Registering the Server in the Novell Customer Center Using 
the Command Line 


To register a new server or to replace evaluation activation codes with standard codes: 

1 Log in to the server as root or su to root. 
2 At the command line, enter 

suse_register -a email=email_address -a regcode-sles=SLES_registration_code -a regcode-oes=oes2015_registration_code 

For example: 

suse_register -a email=joe@example.com -a regcode-sles=4adab769abc68 -a regcode-oes=30a74ebb94fa 


IMPORTANT: If you are replacing evaluation codes with purchased codes, simply enter the 
codes. No further action is required. 


3 Verify that the server is registered by checking whether you have the service types and catalogs 
needed for updates: 


3a To verify the service type, enter 
zypper ls 
The results should be similar to the following: 


The URIs you see for the ZYPP type differ based on your installation source. 
3b To verify the catalogs, enter 
zypper lr 


The results should be similar to the following: 


8.3.3 Registering the Server in the Novell Customer Center Using 
the GUI 


1 In the YaST Control Center, click Other > Novell Customer Center Configuration. 

2 On the Novell Customer Center Configuration page, select all of the following 
options, then click Next. 

+ Configure Now: Proceeds with registering this server and the OES product with the Novell 
Customer Center. 

+ Hardware Profile: Sends information to the Novell Customer Center about the hardware 
that you are installing SLES 11 SP4 and OES 2015 SP1 on. 

+ Optional Information: Sends optional information to the Novell Customer Center for your 
registration. For this release, this option doesn’t send any additional information. 

+ Registration Code: Makes the registration with activation codes mandatory. 

+ Regularly Synchronize with the Customer Center: Keeps the installation sources for this 
server valid. It does not remove any installation sources that were manually added. 


After you click Next, the following message is displayed. Wait until this message disappears and 
the Manual Interaction Required page displays. 


Contacting server... 
This may take a while 


3 On the Manual Interaction Required page, note the information that you will be required to 
specify, then click Continue. 


4 On the Novell Customer Center Registration page, specify the required information in the 
following fields: 


+ Email Address: The e-mail address for your Novell Login account. 

+ Confirm Email Address: The same e-mail address for your Novell Login account. 

+ SUSE Linux Enterprise Server 11 SP4 (optional): Specify your purchased or 60-day 
evaluation registration code for the SLES 11 SP4 product. 

If you don't specify a code, the server cannot receive any updates or patches. 

+ Open Enterprise Server 2015 SP1 (optional): Specify your purchased or 60-day evaluation 
registration code for the OES product. 

If you don't specify a code, the server cannot receive any updates or patches. 

+ System Name or Description (optional): The hostname for the system is specified by 
default. If you want to change this to a description for the Novell Customer Center, specify a 
description to identify this server. 


5 Click Submit. 


6 When the message to complete the registration displays, click Continue. 

Novell Customer Center System Registration 

To complete the process of registering this system and getting access to online updates, you need to finish the 
registration process. To proceed, click the Continue button 

To change the registration or subscription information for this system, you can log in to the Novell Customer Center at 
any time using the same credentials that you use to log in to your Novell Login account. You can access the Novell 
Customer Center at http://www.novell.com/center 

If you do not yet have a Novell Login account, please create one and make sure that you use the same e-mail address 
that you used when registering this system 

To create the Novell Login account, access the Novell web site at http://www.novell.com/createaccount 

For your convenience, you will be sent a follow up e-mail with this information 

After you click Continue, the following message is displayed with the Manual Interaction 
Required page. Wait until this message disappears and the Novell Customer Center 
Configuration Was Successful page displays. 

Contacting server... 
This may take a while 

7 When you see the message that the Novell Customer Center configuration was successful, click OK. 


When the registration is successful, the server is registered in the Novell Customer Center and the 
installation sources for patches are configured on the server. 


8.4 Updating the Server 


After the server has been registered in the Novell Customer Center, you can apply updates via 
packages and patches. The default GNOME desktop indicates when there are updates available to 
the server. You can update the server from any of the following interfaces. 


+ Section 8.4.1, “Updating the Server Using the Command Line,” on page 183 

You can also patch an OES server using the following methods: Section 8.8, “GUI Based Patching,” 
on page 186, Section 8.9, “Using SUSE Manager to Patch an OES Server,” on page 186, 
Section 8.7, “Patching From Behind a Proxy Server,” on page 185, and so on. 

8.4.1 Updating the Server Using the Command Line 


After you have registered the server in the Novell Customer Center, you can update the server by 
using commands at the command line. The following procedure specifies steps for updating the 
server with all available patches for SLES 11 SP4 and OES 2015 SP1. 


1 Log in to the server as root or su to root. 


2 At the command line, enter the following commands. The screen shots show example output. 

2a Refresh all services: 

zypper ref -s 

2b See whether updates are available for SLES 11 SP4 and OES 2015 SP1: 

zypper patch-check --repo catalog1 --repo catalog2 

For example, 

zypper patch-check --repo SLES11-SP4-Updates --repo OES2015-SP1-Updates 
Updates available 

2c Update the server with all available SLES 11 and OES 2015 SP1 patches: 

zypper up -t patch -r SLES11-SP4-Updates -r OES2015-SP1-Updates 

NOTE: When you install the CIFS package using the command line (patch install, rpm 
upgrade, zypper updates, and so on), you get the 16024 Add method error. You can 
ignore this error because it does not disrupt any service. 

Cause: While installing a newer CIFS version, the setup might try to pull in a few NMAS 
methods that already exist on your server. This is seen only when the patches are 
updated from the command line interface. The NMAS methods present on the server are 
retained and are not overwritten. 

2d Repeat Step 2b and Step 2c until no more updates are available. 

2e If the patching requires a server reboot, reboot when the system prompts you to. 

Rebooting the server activates the new kernel if it has been updated and ensures that OES 
services that need restarting after patching are restarted. 


IMPORTANT: Do not use the zypper up command by itself without the -t option to update an OES 
server. Always use the -t patch option as described in Section 8.4.1, “Updating the Server Using 
the Command Line,” on page 183. 


If the -t patch option is omitted, zypper includes SLES packages in the download that can cripple or 
completely break OES services. 


The -t patch option also ensures that patch metadata (including script files, etc.) is downloaded so 
that SLES can correctly update the system. 


For more information on zypper, see SDB:Zypper usage 11.3 
(http://en.opensuse.org/SDB:Zypper_usage_11.3). 
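
The command-line procedure above, combined with the free-space check from “Preparing the Server for Updating,” written as one script. This is an added example, not part of the original guide; it uses only the zypper commands and repository names shown above, and the ZYPPER and REPOS overrides, the MAX_ROUNDS limit, the --run switch, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the OES guide. It wraps the guide's own commands:
#   zypper ref -s / zypper patch-check --repo ... / zypper up -t patch -r ...
ZYPPER=${ZYPPER:-zypper}      # overridable so the loop can be dry-run
REPOS=${REPOS:-"SLES11-SP4-Updates OES2015-SP1-Updates"}
MAX_ROUNDS=${MAX_ROUNDS:-10}  # assumption: safety limit chosen for this example
ROUNDS_DONE=0
REBOOT_NEEDED=0

# check_cache_space DIR NEED_KB: succeed only if DIR's file system has at
# least NEED_KB kilobytes available (the guide suggests about 3 GB).
check_cache_space() {
    avail_kb=$(df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }')
    [ -n "$avail_kb" ] && [ "$avail_kb" -ge "$2" ]
}

# repo_args FLAG: print "FLAG repo" for every repository in $REPOS.
repo_args() {
    for repo in $REPOS; do
        printf '%s %s ' "$1" "$repo"
    done
}

# patch_until_clean: Steps 2a-2d of the guide's procedure.
# zypper exit codes used: patch-check returns 0 (nothing needed), 100 (patches
# needed) or 101 (security patches needed); an install returns 102 when a
# reboot is needed and 103 when zypper itself must be run again.
patch_until_clean() {
    ROUNDS_DONE=0
    REBOOT_NEEDED=0
    $ZYPPER ref -s || return 1
    while :; do
        rc=0
        $ZYPPER patch-check $(repo_args --repo) || rc=$?
        case $rc in
            0) return 0 ;;
            100|101) ;;
            *) echo "patch-check failed (exit $rc)" >&2; return 1 ;;
        esac
        if [ "$ROUNDS_DONE" -ge "$MAX_ROUNDS" ]; then
            echo "patches still pending after $MAX_ROUNDS rounds" >&2
            return 2
        fi
        rc=0
        # Always "-t patch": a bare "zypper up" pulls in SLES packages that
        # can break OES services.
        $ZYPPER up -t patch $(repo_args -r) || rc=$?
        case $rc in
            0|103) ;;
            102) REBOOT_NEEDED=1 ;;
            *) echo "zypper up -t patch failed (exit $rc)" >&2; return 1 ;;
        esac
        ROUNDS_DONE=$((ROUNDS_DONE + 1))
    done
}

# Run for real only when asked to, for example: sh oes-patch.sh --run
if [ "${1:-}" = "--run" ]; then
    check_cache_space /var/cache/zypp 3145728 || {
        echo "less than 3 GB free for /var/cache/zypp" >&2; exit 1; }
    patch_until_clean || exit $?
    echo "applied patches in $ROUNDS_DONE round(s)"
    if [ "$REBOOT_NEEDED" -eq 1 ]; then echo "reboot required"; fi
fi
```

Run it as root. If it stops with exit status 2, patches are still being offered after MAX_ROUNDS passes and the remaining ones should be reviewed with zypper pch.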


You can also update your server with specific maintenance patches. 


1 Log in to the server as root or su to root. 
2 At the command line, enter the following commands: 
2a To refresh all services, enter: 
zypper ref -s 
2b To check for available updates, enter: 
zypper lu -r SLES11-SP4-Updates -r OES2015-SP1-Updates 
2c To list the patches and their status, enter: 
zypper pch SLES11-SP4-Updates OES2015-SP1-Updates 
2d To view specific patch information, enter: 
zypper patch-info patch_name 
For example: 
zypper patch-info slessp4-sax2 
2e To list all installed patches, enter: 
zypper search -t pch -i 
2f To update the server with specific patches, choose from the following: 
+ To install all patches from one or more catalogs of a particular category: 
zypper patch -r catalog1 -r catalog2 -g category_name 
Replace category_name with security, recommended, or optional. 
For example: 
zypper patch -r SLES11-SP4-Updates -r OES2015-SP1-Updates -g security 
+ To install one version of a patch without confirmation, enter: 
zypper --non-interactive in -t patch patch_name-version 
For example: 
zypper --non-interactive in -t patch slessp4-sax2-12428 
+ To install all versions of a patch, enter: 
zypper in -t patch patch_name* 

2g If the update requires a server reboot, reboot when the system prompts you to. This ensures 
that any changes to the kernel are activated, and applicable OES 2015 SP1 services are 
restarted. 


8.5 Verifying That Your Repository Subscriptions Are Up-to-Date 


When an OES 2015 SP1 server is updated properly, the update repository list is refreshed to include 
Updates entries for your OES 2015 SP1 and SLES 11 versions. 


To verify that you have updates from both update repositories: 
1 At a terminal prompt on the server you have updated, enter the following command: 

zypper lr 

The list of repositories should include update repositories for your SLES 11 and OES 2015 SP1 
versions. For example, after updating an OES 2015 SP1 server, the repositories listing should 
include both SLES11-SP4-Updates and OES2015-SP1-Updates as subscribed update 
repositories. 


2 After the repository list contains the correct entries, update your server by repeating the pertinent 
instructions in Section 8.4, “Updating the Server,” on page 182. 


8.6 Frequently Asked Questions about Updating 


This section contains the following information: 


+ Section 8.6.1, “Do I apply all the patches in the catalogs? How do I know which patches to 
apply?,” on page 185 

8.6.1 Do I apply all the patches in the catalogs? How do I know 
which patches to apply? 


Each patch has a category and a status associated with it. The categories state whether the patch is 
a security patch, a recommended patch, or an optional patch. The zypper pch command shows 
whether the patch is needed or not needed and whether it has been applied. When you are using the 
Novell Updater, only the patches that are needed and have not been applied display in the list of 
patches. 


Therefore, you can just apply all the security patches and wait to apply other patches that might 
change how a feature or product works. 


8.7 Patching From Behind a Proxy Server 

See TID 7006845 (https://www.novell.com/support/kb/doc.php?id=7006845). 

8.8 GUI Based Patching 


The method of installing patches using the GUI is the same for both OES 2015 SP1 and SLES 11 SP4. 
For more information, see Installing Patches in the SLES 11 SP4 Administration Guide. 


8.9 Using SUSE Manager to Patch an OES Server 


SUSE Manager is a server solution for providing updates, patches, and security fixes for single SUSE 
Linux Enterprise, OES, and Red Hat Enterprise Linux clients. It comes with a set of tools and a 
Web-based user interface for management tasks. For more information on SUSE Manager, see the SUSE 
Manager documentation (https://www.suse.com/documentation/suse_manager/). 

IMPORTANT: SUSE Manager-based patching support is available only from OES 11 onwards. 


You can use SUSE Manager to patch an OES 11 SP2, OES 11 SP3 or OES 2015 server. 


+ Section 8.9.1, “Setting Up SUSE Manager,” on page 186 
+ Section 8.9.2, “Patching an OES 11 or Later Server Using SUSE Manager,” on page 187 

8.9.1 Setting Up SUSE Manager 

Use the information contained in the following sections to set up a SUSE Manager server: 

+ “Installing SUSE Manager” on page 186 
+ “Mirroring the Required OES and SLES Channels” on page 186 
+ “Creating Activation Keys and Registering Clients” on page 187 


Installing SUSE Manager 


For more information about installing, patching and mirroring, see the SUSE Manager Getting Started 
Guide 
(https://www.suse.com/documentation/suse-manager/book_suma3_quickstart_3/data/quickstart_chapt_overview_requirements.html). 

1 Install SUSE Manager. 
2 Patch SUSE Manager before configuring it. 

3 Configure SUSE Manager. Ensure that you provide the appropriate mirror credentials to access the 
OES and SLES channels. 


Mirroring the Required OES and SLES Channels 


1 Mirror the SLES 11 SP3, SLES 11 SP4, OES 2015 and OES 2015 SP1 channels. For more 
information on mirroring the channels, see Synchronizing with SUSE Customer Center 
(https://www.suse.com/documentation/suse-manager/book_suma3_quickstart_3/data/quickstart_first_channel_sync.html). 

+ For SLES 11 SP3 and OES 2015 Channels: Select the SUSE Linux Enterprise Server 
11 SP3 product and click the icon to expand it. Then select Open Enterprise Server 
2015. 

+ For SLES 11 SP4 and OES 2015 SP1 Channels: Select the SUSE Linux Enterprise 
Server 11 SP4 product and click the icon to expand it. Then select Open Enterprise 
Server 2015 SP1. 


2 (Conditional) If this is the first time the OES channel is mirrored, the following error message is 
displayed: 


ChannelException: The GPG key for this repository is not part of the keyring. 
Please run spacewalk-repo-sync in interactive mode to import it. 


Use the following steps to resolve the issue: 
2a Run the spacewalk-repo-sync -c <any-oes-channel-name> command. 
For example, spacewalk-repo-sync -c oes2015-sp1-pool-x86_64. 

2b When you are prompted to import the keys, import the keys and continue with Step 1 on 
page 186. 

After the keys are imported, other OES channels are mirrored without any issues. 

Creating Activation Keys and Registering Clients 

For information on how to create activation keys and register clients, see “Registering Clients” in the 
SUSE Manager Documentation 
(https://www.suse.com/documentation/suse-manager/book_suma3_quickstart_3/data/sect1_8 chapter_book_suma3_quickstart_3.html). 


8.9.2 Patching an OES 11 or Later Server Using SUSE Manager 


1 Ensure that you have completed “Setting Up SUSE Manager” on page 186. 


2 Log in to the SUSE Manager Web console (https://<SUSE Manager Server_hostname or 
IP_address>) with administrative credentials. 


3 Click Systems. 


SUSE Manager lists all the registered OES servers along with the number of patches available 
for each OES server. 


4 Select the OES server, click Software > Software Channels, then verify that the required 
channels are selected. 


5 To apply a patch, select the OES server, click Software > Patches, select all the patches, then 
click Apply patches > Schedule the patch > Confirm. 


The OES server is updated with all the patches. 


8.10 Installing the Latest iManager NPMs After 
Applying OES Patches 


In an OES environment, applying the latest OES patches does not install the latest iManager NPMs 
automatically. They will have to be manually installed. 


To install the latest iManager NPMs: 


1 Ensure that you have applied all the available OES patches. 
2 Log on to iManager with admin privileges. 


3 Click Configure > Plug-in Installation > Available Novell Plug-in Modules. 

4 Under the Version column, select all the modules that have version 2.7.7 or above associated 
with them and the following iManager framework modules: iManager Base Content, iManager 
Framework and iManager Framework Content, then click Install. 

5 After successfully installing all the NPMs, restart tomcat using the 
/etc/init.d/novell-tomcat6 restart command. 


8.11 Restarting the OES Instance of Tomcat After 
Applying a Tomcat Update 


Whenever there is an update to Tomcat, be sure to restart the OES instance of Tomcat using the 
rcnovell-tomcat6 restart or /etc/init.d/novell-tomcat6 restart command. This loads all 
the latest libraries. 


Using AutoYaST to Install and Configure 
Multiple OES Servers 


If you need to install OES to multiple systems that perform similar tasks and that share the same 
environment and similar but not necessarily identical hardware, you might want to use AutoYaST to 
perform the installation. 


To use AutoYaST, first you use the Configuration Management tool (YaST > Miscellaneous > 
Autoinstallation) to generate an XML profile file (referred to as a control file) and use it to perform 
OES installations to multiple servers that share the same hardware and environments. You can also 
tailor this control file for any specific environment. You then provide this control file to the YaST2 
installation program. 


This section does not provide complete AutoYaST instructions. It provides only the additional 
information you need when setting up AutoYaST to install multiple OES 2015 SP1 servers. 


For complete instructions on using AutoYaST2, see Automatic Linux Installation and Configuration 
with Yast2 (http://doc.opensuse.org/projects/YaST/openSUSE11.3/autoinstall/). You can also access 
the documentation locally on an OES server in /usr/share/doc/packages/autoyast2/html/index.html. 

You can also use the cloning option to create clones of a particular installation. To clone a system, 
select Clone This System for Autoyast at the end of the installation. This creates 
/root/autoinst.xml that can be used for cloning. For more information, see Automated Installation 
(http://www.suse.com/documentation/sles11/book_sle_deployment/data/cha_deployment_autoinst.html) in 
the SUSE Deployment Guide 
(http://www.suse.com/documentation/sles11/book_sle_deployment/data/cha_deployment_autoinst.html). 


This section contains the following information: 


+ Section 9.1, “Prerequisites,” on page 189 

+ Section 9.2, “Setting Up a Control File with OES Components,” on page 190 

+ Section 9.3, “Setting Up an Installation Source,” on page 196 

+ Section 9.4, “Cloning an OES Server Post OES Installation and Configuration,” on page 197 

9.1 Prerequisites 


You need at least the following components to install an OES 2015 SP1 server by using AutoYaST: 


+ A server with OES 2015 SP1 already installed. 

+ One or more target computers to install the server software to and the following information 
about each: 

  + Number of hard disks 
  + MAC address 
  + Monitor types and graphics hardware 

+ A control file. 

For information on setting up a control file with OES components, see “Setting Up a Control File 
with OES Components” on page 190. 

+ A boot scenario set up. 

You can boot from media or from an installation source. For more information, see “Setting Up an 
Installation Source” on page 196. 

+ A source or server that contains the AutoYaST profile (control file). 

For more information, see “Setting Up an Installation Source” on page 196. 


9.2 Setting Up a Control File with OES Components 


The control file is an XML file that contains an installation profile for the target computer. This 
installation profile contains all the information to complete software installation and configuration on 
the target computer. 


To create a control file: 


+ You can create the control file manually in a text editor (not recommended). 


+ When you complete an installation, you can click Clone for AutoYaST. If you use this option, the 
resulting file is /root/autoinst.xml. This file must be edited manually before using it. See 
Section 9.2.1, “Fixing an Automatically Created Control File,” on page 190. 

+ You can create or modify a control file by using the AutoInstallation module in YaST. For 
procedures, see Section 9.2.2, “Using the AutoInstallation Module to Create the Control File,” on 
page 191. 


This system depends on existing modules that are usually used to configure a computer after 
OES 2015 SP1 is installed on a server. 


9.2.1 Fixing an Automatically Created Control File 


Review the following issues and solutions to fix the automatically created control file. 
+ Issue 1: If you install all OES Services through AutoYaST, Apache does not run. 

Solution: Reboot the server when the installation is complete; or, when you create the profile or 
control file, deselect the Print Server pattern in the Primary Functions category. If you have 
already created the control file, remove the following section: 

<printer> 
  <cups_installation config:type="symbol">server</cups_installation> 
  <default /> 
  <printcap config:type="list" /> 
  <server_hostname /> 
  <spooler>cups</spooler> 
</printer> 
+ Issue 2: The Certificate Authorities section of the control file is not created. 

Solution: You must insert the CA section manually. 

To add this information to the control file: 

1. Open YaST as root. 

2. Click Miscellaneous > Autoinstallation. 

3. Select Security and Users > CA Management, then click Edit. 

4. In the Common Name File field, specify a name for the certificate. For example, 
YaST_Default_CA(hostname). 

5. Specify an e-mail name in the Email field. 

6. Specify a password in the Password field. 

7. Click File > Save to save the file. Ignore any error messages that you receive. 

8. Click View Source to ensure that the CA entry was entered. 

It should look similar to the following: 

<ca_mgm> 
  <CAName>YaST_Default_CA</CAName> 
  <ca_commonName>YaST_Default_CA(hostname)</ca_commonName> 
  <country>US</country> 
  <importCertificate config:type="boolean">false</importCertificate> 
  <locality></locality> 
  <organization></organization> 
  <organizationUnit></organizationUnit> 
  <password>actual_password</password> 
  <server_email>name@example.com</server_email> 
  <state></state> 
  <takeLocalServerName config:type="boolean">true</takeLocalServerName> 
</ca_mgm> 
+ Issue 3: If you install Novell Cluster Services, one package does not install correctly. 

Solution: Comment out the following line in the control file. 
<package>novell-cluster-services-kmp-smp</package> 

For example: 
<!--<package>novell-cluster-services-kmp-smp</package>--> 

+ Issue 4: If you did not patch the server during the installation, the OES product is not identified 
correctly in the control file. 

Solution: When creating the profile or control file, change the product line from: 
<product>Novell Open Enterprise Server 11</product> 

to 

<product>OPEN_ENTERPRISE_SERVER</product> 

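The text edits for Issues 1, 3, and 4 above can be applied to a cloned control file in one pass, with Issue 2 reported rather than fixed because the CA section needs a real password. This is an added example, not part of the original guide; the function names, the --fix switch, and the sample profile are constructed for illustration, and the script assumes the cloned file keeps each element on its own line.

```shell
#!/bin/sh
# Added example, not part of the OES guide: apply the Section 9.2.1 fixes to a
# cloned AutoYaST control file. Function and file names are hypothetical.

# fix_control_file IN OUT: write a corrected copy of IN to a new file OUT.
fix_control_file() {
    [ "$1" != "$2" ] || return 1   # never edit the clone in place
    rm -f -- "$2"                  # so the permissions below always apply
    (
        # The profile carries passwords (for example the CA password in
        # <ca_mgm>) in clear text, so create the copy readable by owner only.
        umask 077
        # 1: drop the <printer> section (Issue 1)
        # 2: comment out the cluster kmp package unless already commented (Issue 3)
        # 3: correct the product name (Issue 4)
        sed -e '/<printer>/,/<\/printer>/d' \
            -e '/<!--/!s|<package>novell-cluster-services-kmp-smp</package>|<!--&-->|' \
            -e 's|<product>Novell Open Enterprise Server 11</product>|<product>OPEN_ENTERPRISE_SERVER</product>|' \
            "$1" > "$2"
    )
}

# has_ca_section FILE: Issue 2 needs a real CA password, so it is only
# detected here; add the section through YaST as described above.
has_ca_section() {
    grep -q '<ca_mgm>' "$1"
}

# write_sample_control_file FILE: constructed sample input, trimmed to the
# elements the issues touch. It is not a complete profile.
write_sample_control_file() {
    cat > "$1" <<'EOF'
<?xml version="1.0"?>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
  <printer>
    <cups_installation config:type="symbol">server</cups_installation>
    <default/>
    <printcap config:type="list"/>
    <server_hostname/>
    <spooler>cups</spooler>
  </printer>
  <software>
    <packages config:type="list">
      <package>novell-cluster-services-kmp-smp</package>
      <package>novell-cluster-services</package>
    </packages>
    <product>Novell Open Enterprise Server 11</product>
  </software>
</profile>
EOF
}

# Usage: sh fix-autoinst.sh --fix /root/autoinst.xml /root/autoinst-fixed.xml
if [ "${1:-}" = "--fix" ] && [ -n "${3:-}" ]; then
    fix_control_file "$2" "$3" || exit 1
    has_ca_section "$3" ||
        echo "warning: no <ca_mgm> section; add it in YaST (Issue 2)" >&2
fi
```

Keep the corrected file off world-readable installation shares where possible, because the password elements in it are stored as plain text.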

9.2.2 Using the AutoInstallation Module to Create the Control File 

The following procedure contains a quick list of steps to create the control file by using the 
AutoInstallation module in YaST on a server running OES 2015 SP1. 

1 On a server that has OES 2015 SP1 installed, click Computer > YaST Administrator Settings. 
2 Click Miscellaneous > Autoinstallation. 


The AutoYaST Configuration Management System application window opens, referred to 
hereafter as the main window. 


3 Click Tools > Create Reference Profile. 


4 In the Create a Reference Control File dialog box under Select Additional Resources, select the 
Network Settings check box, then click Create. 

AutoYaST probes the server it is running on for software, partitioning, boot loader, network card 
information, language settings, mouse, and other system settings. After the information has 
been collected, the status messages cease and only the main window is displayed. 


5 Verify the package selections: 


5a In the left frame of the main window, click Software, then under Available Modules, click 
Package Selection. 


5b On the Package Selection page, make sure the items are the same as you previously 
installed on the server. For more information on the add-ons (software selections) that are 
selected in the base selections or patterns, see “Deciding What Patterns to Install” on 
page 27. If the configuration contains the packages and selections you need, skip to Step 7. 
If not, continue with Step 6. 


6 If necessary, change the package selections for the target servers: 
6a In the Package Selection dialog box, click Configure. 
6b On the Software Selection page, click Patterns in the Filter field. 
6c Select the specific software items that you want to be added, then click Accept. 


6d If you are prompted to accept the AGFA Monotype Corporation End User License 
Agreement, click Accept. 


6e Accept the automatic changes by clicking Continue in the Changed Packages dialog box. 
7 Specify the Partitioning parameters for the target server: 


7a In the left frame of the main window, click Hardware, under Available Modules, click 
Partitioning, then click the Edit button. 

7b Set up partitioning on the first drive as desired, then click Finish. 
See the online help for details about limitations. 

For more information on partitioning options, see “Partitioning” in Automatic Linux 
Installation and Configuration with Yast2 
(http://doc.opensuse.org/projects/YaST/openSUSE11.3/autoinstall/CreateProfile.Partitioning.html). 


8 Specify the settings for the graphics card and monitor: 


8a In the left frame of the main window, click Hardware, under Available Modules, click 
Graphics Card and Monitor, then click the Configure button. 


8b In the General Options field of the X11 Configuration page, specify the settings that you 
want. 


8c In the Desktop field of the X11 Configuration page, select the settings that you want for the 
Display Manager and Window Manager, then click Next. 


8d On the Configure Monitor page, select the applicable monitor vendor and model, then click 
Next. 


8e Verify the X11 settings. If they are not correct, repeat Step 8a and Step 8d. 
If you skip this step, the server keyboard mappings might be German. 
9 (Optional) Insert a script to perform a task that you want, such as a script for removing partitions: 


For more information on custom user scripts, see “Custom User Scripts” 
(http://www.suse.de/~ug/autoyast_doc/configuration.html#createprofile.scripts) in Automatic Linux 
Installation and Configuration with Yast2. 


9a In the main window, click Miscellaneous > Custom Scripts > Configure. 
9b On the User Script Management page, click New. 


9c In the File Name field, specify a descriptive name for the script, such as 
hello_world_script. 

9d In the Script Source field, specify commands such as the following example script: 

#!/bin/sh 
echo "hello world" > /tmp/post-script-output 

9e Click the Type drop-down box, then select Post. 

This script runs after the installation is complete. For additional options, see the online help 
for this dialog box. 

9f Click Save. 

9g Make sure your script appears in the Available Scripts section of the User Script 
Management page, then click Finish. 

9h Make sure your script appears in the Post Scripts section of the Custom Scripts page. 

10 Set the password for the root user: 
10a From the main window, click Security and Users > User Management > Configure. 
10b Click Set Filter, then select Select System Users from the drop-down menu. 
10c Select user root, then click Edit. 


10d Type a password for the root user in the Password and Verify Password fields, click 
Accept, then click Finish. 


10e Verify that the root user appears in the Users section of the User Management dialog box. 

11 Set a password for Certificate Authority management: 

11a From the main window, click Security and Users > CA Management > Configure. 

11b Type a password for the certificate in the Password and Confirm Password fields, then click 
Finish. 

11c Verify that the Password status appears as Set on the CA Management page. 

12 Configure OES Services: 

12a From the main window, click Open Enterprise Server > module_name > Configure. 
All OES services are in the Open Enterprise Server category. 


We recommend configuring eDirectory first. Although there are dependencies for some of 
the components, in this release AutoYaST does not verify whether one module is configured 
or not. 


See the following table for category names and dependencies. You should configure all the 
modules that were selected for the software selections in Step 5 on page 192. For more 
information about which modules are in each pattern, see “Deciding What Patterns to 
Install” on page 27. 


Pattern                                           Other Module Dependencies 


Novell AFP                                        + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell Storage Services (NSS) 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Backup/Storage Management Services (SMS)   + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell CIFS                                       + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell Storage Services (NSS) 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Cluster Services (NCS)                     + Novell Backup/Storage Management Services (SMS) 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell DHCP                                       + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell DNS                                        + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Domain Services for Windows                + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell DNS 
                                                  + Novell iManager 
                                                  + Novell iPrint 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 
                                                  + Novell Storage Services (NSS) 
                                                  + Novell NCP Server 

NetIQ eDirectory                                  + Novell Backup/Storage Management Services (SMS) 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell FTP                                        + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell iFolder                                    + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell iManager                                   + Novell Backup/Storage Management Services (SMS) 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell iPrint                                     + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell iManager 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Linux User Management (LUM)                + Novell Backup/Storage Management Services (SMS) 
                                                  + Novell Remote Manager (NRM) 

Novell NCP Server / Dynamic Storage Technology    + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell NetStorage                                 + Novell Backup/Storage Management Services (SMS) 
                                                  + Novell iManager 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Pre-Migration Server                       + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory (without a replica) 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Remote Manager (NRM)                       + Novell Backup/Storage Management Services (SMS) 
                                                  + Novell Linux User Management (LUM) 

Novell Samba                                      + Novell Backup/Storage Management Services (SMS) 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Storage Services (NSS)                     + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell NCP Server 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 

Novell Storage Service AD Support                 + Novell Backup/Storage Management Services (SMS) 
                                                  + NetIQ eDirectory 
                                                  + Novell NCP Server 
                                                  + Novell Storage Services (NSS) 
                                                  + Novell CIFS Services 
                                                  + Novell Linux User Management (LUM) 
                                                  + Novell Remote Manager (NRM) 


12b Type or select the information for each field requested on each page, then click Next until a 
summary of settings is displayed for that service. 


12c Verify that the settings for each module are what you want. 


If not, click Reset Configuration and provide the corrected settings. 


12d Repeat Step 12a through Step 12c until all the required modules have been configured, 
then continue with Step 13. 


13 Save the file: 
13a Click File > Save. 


13b Browse to a location that you want to save the file to. 


13c Type filename.xml, then click Save. 


Replace filename with an appropriate name to identify the control file for the installation you 
are performing. 


By default, the file is saved in the /var/lib/autoinstall/repository/ directory. 


For additional filename requirements and recommendations, see “The Auto-Installation 
Process” in Automatic Linux Installation and Configuration with Yast2 
(http://doc.opensuse.org/projects/YaST/openSUSE11.3/autoinstall/). 


14 Exit the configuration management tool by clicking File > Exit. 


15 Proceed with “Setting Up an Installation Source” on page 196. 


9.3 Setting Up an Installation Source 


For OES 2015 SP1, you must set up a separate directory for the SLES 11 SP4 software and the OES 
2015 software. 


AutoYaST requires an installation source. You have several options. For an explanation of each, see 
“Network Based Installation” (http://doc.opensuse.org/projects/YaST/openSUSE11.3/autoinstall/Bootmanagement.html) 
and “The Auto-Installation Process” in Automatic Linux Installation and 
Configuration with Yast2 (http://doc.opensuse.org/projects/YaST/openSUSE11.3/autoinstall/). 
9.4 Cloning an OES Server Post OES Installation and Configuration 


This section describes the procedures to clone an OES server post OES installation and 
configuration. When there is a server crash, you can use this procedure to reinstall the server with the 
same configurations that existed before the crash. This is a two-step task: generate the 
autoinst.xml file after OES installation and configuration, then use that XML file to reinstall and configure 
the server. 


9.4.1 Generating the autoinst.xml File 


The autoinst.xml file contains all the configuration details of the components, passwords, IP address, 
and so on. Store this file in a secure location, and use it to reinstall and reconfigure your OES server 
when there is a crash. 


To generate the autoinst.xml file: 
1 Log on to the OES server with administrative privileges and execute the following command: 


yast2 clone_system 


This generates an autoinst.xml file at /root. Regenerate this file whenever you make 
configuration changes to the server. 


2 Store this file in a secure location for future use. 


NOTE: The generated autoinst.xml file will have the XML tags of the OES components that 
you have not installed and configured. This does not affect any functionality. When you use the 
generated autoinst.xml file, only the components that are available under the <patterns> tag 
will be installed. 


9.4.2 Using the autoinst.xml to Reinstall an OES Server 


To reinstall an OES server using autoinst.xml: 


1 Edit the autoinst.xml file, and modify the following: 
+ Replace all instances of “Replace this text with the real password” with the root password. 
+ Replace “ENTER PASSWORD HERE” with the eDirectory password. 


+ Locate and remove the entire net-udev section that has the details about the MAC 
address. 


<net-udev config:type="list"> 
  <rule> 
    <name>eth0</name> 
    <rule>ATTR{address}</rule> 
    <value>00:0c:29:4d:e0:72</value> 
  </rule> 
</net-udev> 
+ Locate and remove the user and group gdm entries. For more information, see TID 
7006641 Error: Could not update ICEauthority file /var/lib/gdm/.ICEauthority 
(http://www.novell.com/support/kb/doc.php?id=7006641). 


<group> 
  <encrypted config:type="boolean">true</encrypted> 
  <gid>112</gid> 
  <group_password>!</group_password> 
  <groupname>gdm</groupname> 
  <userlist></userlist> 
</group> 


<user> 
  <encrypted config:type="boolean">true</encrypted> 
  <fullname>Gnome Display Manager daemon</fullname> 
  <gid>112</gid> 
  <home>/var/lib/gdm</home> 
  <password_settings> 
    <expire></expire> 
    <flag></flag> 
    <inact></inact> 
    <max>99999</max> 
    <min>0</min> 
    <warn>7</warn> 
  </password_settings> 
  <shell>/bin/false</shell> 
  <uid>107</uid> 
  <user_password>*</user_password> 
  <username>gdm</username> 
</user> 


2 Host the modified autoinst.xml file on an HTTP server. 
3 Boot the OES server with OES2015-SP1-addon_with_SLES11-SP4-x86_64-DVD.iso. 
4 In the installation screen, select Install, and specify the following information: 


autoyast=<The HTTP location where the autoinst.xml file is hosted> 
netsetup=hostip hostip=<enter machine IP> netmask=<enter the netmask> 
gateway=<enter the gateway> 


For example: 


autoyast=http://198.162.1.1/autoinst.xml netsetup=hostip hostip=192.168.1.2 
netmask=255.255.254.0 gateway=192.164.1.254 


5 Press Enter and the OES installation and configuration starts and completes without any user 
intervention. 
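

The removals in step 1 can be scripted before the file is hosted. The following Python script is an added example, not part of the Novell guide: it removes the net-udev section and the gdm user and group entries from a cloned profile and reports password placeholders that still have to be replaced. The function names, the script's command-line usage, and the sample profile are constructed for illustration; it assumes the profile uses the usual AutoYaST namespaces and starts with the usual XML declaration and DOCTYPE line.

```python
#!/usr/bin/env python3
"""Apply the step 1 removals to a cloned autoinst.xml (added example)."""
import os
import sys
import xml.etree.ElementTree as ET

# Namespace URIs that AutoYaST control files declare on <profile>.
YAST_NS = "http://www.suse.com/1.0/yast2ns"
CONFIG_NS = "http://www.suse.com/1.0/configns"
# Assumption: cloned profiles start with this declaration and DOCTYPE.
HEADER = '<?xml version="1.0"?>\n<!DOCTYPE profile>\n'
# Placeholder strings that step 1 says to replace by hand.
PLACEHOLDERS = ("Replace this text with the real password",
                "ENTER PASSWORD HERE")

# Constructed sample profile (not real clone_system output); the MAC address
# comes from the range reserved for documentation.
SAMPLE = """\
<profile xmlns="http://www.suse.com/1.0/yast2ns"
         xmlns:config="http://www.suse.com/1.0/configns">
  <networking>
    <net-udev config:type="list">
      <rule>
        <name>eth0</name>
        <rule>ATTR{address}</rule>
        <value>00:00:5e:00:53:01</value>
      </rule>
    </net-udev>
  </networking>
  <groups config:type="list">
    <group><gid>112</gid><groupname>gdm</groupname></group>
    <group><gid>0</gid><groupname>root</groupname></group>
  </groups>
  <users config:type="list">
    <user><username>gdm</username><user_password>*</user_password></user>
    <user><username>root</username>
      <user_password>Replace this text with the real password</user_password>
    </user>
  </users>
</profile>
"""


def local(tag):
    """Return an element tag without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Text of the first direct child called `name`, or None if absent."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None


def prepare_profile(xml_data):
    """Return (cleaned_xml, removed, unresolved) for a profile (str or bytes).

    `removed` names the sections taken out; `unresolved` lists
    "tag: placeholder" for password placeholders still in the profile.
    """
    ET.register_namespace("", YAST_NS)
    ET.register_namespace("config", CONFIG_NS)
    root = ET.fromstring(xml_data)
    # ElementTree has no parent pointers: collect (parent, child) pairs first,
    # then remove, so the tree is not modified while it is being walked.
    doomed = []
    for parent in root.iter():
        for child in parent:
            name = local(child.tag)
            if name == "net-udev":
                doomed.append((parent, child, "net-udev"))
            elif name == "group" and child_text(child, "groupname") == "gdm":
                doomed.append((parent, child, "group gdm"))
            elif name == "user" and child_text(child, "username") == "gdm":
                doomed.append((parent, child, "user gdm"))
    for parent, child, _ in doomed:
        parent.remove(child)
    removed = [label for _, _, label in doomed]
    unresolved = [f"{local(e.tag)}: {p}" for e in root.iter()
                  for p in PLACEHOLDERS if e.text and p in e.text]
    return HEADER + ET.tostring(root, encoding="unicode"), removed, unresolved


def main(argv):
    """Usage: prepare_autoinst.py IN.xml OUT.xml"""
    if len(argv) != 3:
        print(main.__doc__, file=sys.stderr)
        return 2
    with open(argv[1], "rb") as fh:
        cleaned, removed, unresolved = prepare_profile(fh.read())
    # The profile holds passwords: keep the output readable by its owner only.
    fd = os.open(argv[2], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as out:
        out.write(cleaned)
    print("removed:", ", ".join(removed) or "nothing")
    for item in unresolved:
        print("placeholder still present in", item, file=sys.stderr)
    return 1 if unresolved else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits with a non-zero status while any placeholder remains, so it can gate the copy to the HTTP server in step 2.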
Installing OES as a VM Host Server 


You can install Open Enterprise Server (OES) 2015 SP1 as a VM host server for either the Xen or 
KVM virtualization services included with SLES 11. To understand why you might want your VM host 
server to have OES 2015 SP1 installed, see “Why Install OES Services on Your VM Host?” in the 
OES 2015 SP1: Planning and Implementation Guide. 


IMPORTANT: Only Xen supports NetWare 6.5 SP8 running as a VM guest server. KVM does not. 
Both Xen and KVM support OES 2015 SP1 running as a VM guest server. 


+ Section 10.1, “Installing the KVM Hypervisor and Tools” 
+ Section 10.2, “Installing the Xen Hypervisor and Tools” 
+ Section 10.3, “Upgrading Xen VM Host Server to OES 2015 SP1” 
+ Section 10.4, “Setting Up Bridging After the Upgrade” 


10.1 Installing the KVM Hypervisor and Tools 


IMPORTANT: KVM requires a server that supports Intel Virtualization Technology (VT) with VT 
enabled. 


The following instructions assume that you are installing OES 2015 SP1 and the KVM hypervisor and 
tools on a SLES 11 SP4 server that you have previously installed. You can also install KVM at the 
same time as SLES. 


For more information about KVM, see the Virtualization with KVM 
(http://www.suse.com/documentation/sles11/book_kvm/data/book_kvm.html) guide. 


1 To install KVM, on the SLES 11 SP4 server desktop click Computer > YaST > Virtualization > 
Install Hypervisor and Tools. 

2 Select KVM, click Accept > Install. 

3 Click Yes to install a network bridge. 


After the software installs and configures, you are prompted to restart the machine. To avoid an 
interruption, you can do this in Step 15. 


4 To install OES 2015 SP1, under Software, click Add-on Products. 
5 On the Installed Add-On Products page, click Add. 


6 On the Media Type page, specify the type of your OES 2015 SP1 installation media you are 
using and click Next and add the installation media. 


For more information, see Section 3.5, “Specifying the Add-On Product Installation Information,” 
on page 48. 


7 On the Software Selections page, scroll down to the OES Services category. 
Only the following are supported on a VM host server: 

+ Novell iPrint 

+ Novell Linux User Management (LUM) 
+ Novell Storage Management Services (SMS) 
+ Novell Cluster Services (NCS) 


You can select any of these services that you want to be available on the host server, or you can 
leave all of the services deselected. In either case, the server will be configured as an OES 
server. 


8 If you selected any of the supported OES services, Novell Remote Manager (NRM) is also 
selected. Click the green check mark by NRM to deselect NRM and prevent it from being 
installed. NRM is not a supported OES service on a VM host server. 


9 Click Accept. 
OES 2015 SP1 is installed. 


10 On the Configured LDAP Servers page, specify the tree name, admin name, and password for 
the eDirectory tree into which you are installing the host server. 


IMPORTANT: If you didn’t select any OES services, the Novell Open Enterprise Server 
Configuration page appears instead. In that case, the Configured LDAP Servers page is 
accessible via the LDAP Configuration for Open Enterprise Services link. 


11 Click Add and specify the IP address of a server in the tree that has eDirectory installed on it, 
then click Next. 


12 On the Novell Open Enterprise Server Configuration page, click Next. 
13 On the Installation Completed page, click Finish. 


14 On the Novell Customer Center page, select Registration Code and click Next. Register your 
OES 2015 SP1 server. 


For more information, see Chapter 8, “Updating (Patching) an OES 2015 SP1 Server,” on 
page 177. 


15 Shut down, and then restart the server. 


The server is now prepared to function as a KVM VM host server. For instructions on starting and 
running the server, see the Virtualization with KVM 
(http://www.suse.com/documentation/sles11/book_kvm/data/book_kvm.html) guide. 


10.2 Installing the Xen Hypervisor and Tools 


The following instructions assume that you are installing OES 2015 SP1 and the Xen hypervisor and 
tools on a SLES 11 SP4 server that you have previously installed. 


NOTE: You can also install Xen and OES 2015 SP1 at the same time as SLES either using the 
integrated SLES 11 SP4 with OES media or using OES 2015 SP1 add-on media. For either of these 
latter options, the instructions that follow require slight but straightforward adjustments. 


For more information about Xen, see the Virtualization with Xen 
(http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html) guide. 


1 To install Xen, on the SLES 11 SP4 server desktop click Computer > YaST > Virtualization > 
Install Hypervisor and Tools. 

2 Select Xen, click Accept > Install. 

3 Click Yes to install a network bridge. 


After the software installs and configures, you are prompted to restart the machine. To avoid an 
interruption, you can do this in Step 15. 
4 To install OES 2015 SP1, under Software, click Add-on Products. 
5 On the Installed Add-On Products page, click Add. 
6 On the Media Type page, specify the type of your OES 2015 SP1 installation media you are 
using and click Next and add the installation media. 


For more information, see Section 3.5, “Specifying the Add-On Product Installation Information,” 
on page 48. 


7 On the Software Selections page, scroll down to the OES Services category. 
Only the following are supported on a VM host server: 

+ Novell iPrint 
+ Novell Linux User Management (LUM) 
+ Novell Storage Management Services (SMS) 
+ Novell Cluster Services (NCS) 


You can select any of these services that you want to be available on the host server, or you can 
leave all of the services deselected. In either case, the server will be configured as an OES 
server. 


8 If you selected any of the supported OES services, Novell Remote Manager (NRM) is also 
selected. Click the green check mark by NRM to deselect NRM and prevent it from being 
installed. NRM is not a supported OES service on a VM host server. 


9 Click Accept. 
OES 2015 SP1 is installed. 


10 On the Configured LDAP Servers page, specify the tree name, admin name, and password for 
the eDirectory tree into which you are installing the host server. 


IMPORTANT: If you didn’t select any OES services, the Novell Open Enterprise Server 
Configuration page appears instead. In that case, the Configured LDAP Servers page is 
accessible via the LDAP Configuration for Open Enterprise Services link. 


11 Click Add and specify the IP address of a server in the tree that has eDirectory installed on it, 
then click Next. 


12 On the Novell Open Enterprise Server Configuration page, click Next. 
13 On the Installation Completed page, click Finish. 


14 On the Novell Customer Center page, select Registration Code and click Next. Register your 
OES 2015 SP1 server. 


For more information, see Chapter 8, “Updating (Patching) an OES 2015 SP1 Server,” on 
page 177. 


15 Shut down, and then restart the server. 


To run the server as a Xen host, you must select the boot option that includes the Xen kernel. 
Alternatively, you can modify the boot loader in YaST to load the Xen kernel by default. 
10.3 Upgrading Xen VM Host Server to OES 2015 SP1 


The upgrade process of a Xen VM host server is exactly the same as upgrading a regular OES 
(earlier version) server to OES 2015 SP1, with one important difference. After the server is updated, 
the Xen Hypervisor might have an incorrect network configuration that prevents Xen from running. 


SUSE has improved the network configuration in SLES 11. If you install SLES 11 SP4 and configure 
Xen, you get a bridged setup through YaST. However, if you upgrade from SLES 10 to SLES 11, the 
upgrade does not configure the bridged setup automatically. Until the bridged setup is configured for 
SLES 11, your Xen VM guest servers will not run. Be sure to set up the bridge using YaST as outlined 
in Section 10.4, “Setting Up Bridging After the Upgrade,” on page 202. 


NOTE: If you have an advanced network configuration, refer to the SLES documentation for 
instructions on configuring your network settings during the upgrade. The instructions in this section 
assume a single network interface. 


10.4 Setting Up Bridging After the Upgrade 


After the upgrade completes and the server has all patches applied, do the following: 


1 On the desktop, click Computer > YaST. 
2 Click Virtualization > Install Hypervisor and Tools. 
3 Select Xen and click Accept. 
4 If prompted to install packages, click Install. 
5 When prompted to configure a network bridge, click Yes. 
6 When the hypervisor and tools installation is completed, click OK. 
7 Click YaST > Virtualization > VirtualMachineManager. 
8 Click File > Add Connection > Connect. 


Your VM guests can now be run. 
Installing, Upgrading, or Updating OES on a VM 


In Open Enterprise Server (OES), you can install OES 2015 SP1 as a guest operating system on the 
following servers: 


+ An OES 2015 SP1 server that has been set up as a Xen-based host server. 
See Chapter 10, “Installing OES as a VM Host Server,” on page 199. 


+ A SUSE Linux Enterprise Server (SLES) 11 SP4 Linux server running KVM. 
See the Virtualization with KVM 
(http://www.suse.com/documentation/sles11/book_kvm/data/book_kvm.html) guide. 


+ A SUSE Linux Enterprise Server (SLES) 11 SP4 Linux server running Xen. 
See the Virtualization with Xen 
(http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html) guide. 


For general information on the virtualization technology in SLES 11 SP4, see the SLES 11 
documentation (http://www.suse.com/documentation/sles11/). 


This section documents the system requirements, installation instructions, upgrade and migration 
instructions, and issues associated with setting up OES 2015 SP1 on a Xen-based virtual machine. 

+ Section 11.1, “System Requirements” 
+ Section 11.2, “Prerequisites” 
+ Section 11.3, “Preparing the Installation Software” 
+ Section 11.4, “Installing an OES 2015 SP1 VM Guest” 
+ Section 11.5, “Upgrading an OES VM Guest to OES 2015 SP1” 
+ Section 11.6, “Managing a Virtual Machine Running OES 2015 SP1” 
+ Section 11.7, “Setting Up an OES 2015 SP1 VM Guest to Use Novell Storage Services (NSS)” 


11.1 System Requirements 


To create an OES 2015 SP1 VM guest, you need a SLES 11 SP4 or OES 2015 SP1 server that is set 
up as a VM host server. 


+ Section 11.1.1, “OES 2015 SP1 VM Host Considerations” 
+ Section 11.1.2, “Novell Storage Services Considerations” 
+ Section 11.1.3, “Setup Instructions” 


11.1.1 OES 2015 SP1 VM Host Considerations 


When you set up a virtual machine host for OES 2015 SP1 VM guests, ensure that the host server 
has the following: 


+ Time synchronization: Set the server’s time configuration to the same reliable, external 
time source as the eDirectory tree that the virtual machines on that host will be joining. 
To set the time source, use YaST > Network Services > NTP Time Configuration. 
The time source can be running NTP or Timesync with the NTP option selected. 


+ RAM: Enough memory to support each virtual machine that you want to run concurrently on 
the host server. 


For example, if you are installing one OES 2015 SP1 virtual machine, you need a minimum 
of 3 GB of memory (1 GB for the host plus 2 GB for the OES 2015 SP1 Linux VM). 


If you are installing two virtual machines, and the first VM guest’s services need 2 GB and 
the second guest's need 2.5 GB, you need 4.5 GB for the VM guests and 1 GB for the 
host—a total of 5.5 GB. 


+ Disk Space: Enough disk space on the host for creating and running your VM guests. 


The default disk space required for an OES 2015 SP1 VM guest is 7 GB and the default 
allocation for each VM guest in Xen is 10 GB, leaving only approximately 6 GB for data files, 
etc. The space you need is dependent on what you plan to use the virtual server for and 
what other virtual storage devices, such as NSS volumes, that you plan to attach to it. 


+ SLES Platform: OES 2015 SP1 cannot run as a paravirtualized guest on SLES 10 SP4 or 
earlier hosts. 


11.1.2 Novell Storage Services Considerations 


If you want to set up Novell Storage Services (NSS) on the virtual machine, note the following: 


NSS can recognize physical, logical, or virtual devices up to 2E64 sectors (8388608 petabytes (PB), 
based on the 512-byte sector size). 


For information, see “Device Size” in the OES 2015 SP1: NSS File System Administration Guide for 


11.1.3 Setup Instructions 


As mentioned in Section 11.1, “System Requirements,” on page 203, you can use either a SLES 11 
SP4 server or an OES 2015 SP1 server as your VM host server. 


For setup procedures, see the following information: 


+ SLES 11 SP4: See the Virtualization with KVM 
(http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html) and the Virtualization with Xen 
(http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html) guides. 


+ OES 2015 SP1: Chapter 10, “Installing OES as a VM Host Server,” on page 199. 
11.2 Prerequisites 


Before creating an OES 2015 SP1 virtual machine, you need the following: 


+ If you want to use AutoYaST to specify the Installation settings, create an AutoYaST profile 
(control) file and download it to a directory on the host machine server or make it available on the 
network. For more information, see Chapter 9, “Using AutoYaST to Install and Configure Multiple 
OES Servers,” on page 189. 


+ A static IP address for each virtual server that you want to create. 


11.3 Preparing the Installation Software 


+ Section 11.3.1, “Downloading the Installation Software” 
+ Section 11.3.2, “Preparing the Installation Source Files” 


11.3.1 Downloading the Installation Software 


For information on downloading the following ISO image files, see the Novell Open Enterprise Server 
2015 SP1 Download Instructions (https://download.novell.com/Download?buildid=W-7IB1Nazjc~). 


Table 11-1 OES ISO Images and DVD Labels for x86_64 (64-Bit Installations) 


ISO Image File                        DVD Label 

OES2015-SP1-addon-x86_64-DVD1.iso     Novell Open Enterprise Server 2015 SP1 Media 1 
SLES-11-SP4-DVD-x86_64-GM-DVD1.iso    SUSE Linux Enterprise Server 11 SP4 DVD 


11.3.2 Preparing the Installation Source Files 


To create an OES 2015 SP1 VM guest, you must make the installation software available in one of 
the following locations: 


+ A Local Installation Source: The 64-bit (Table 11-1) ISO files copied to the host server’s local 
drives. 


+ A Network Installation Source: The 64-bit (Table 11-1) ISO files used to create a network 
installation source. For instructions, see “Setting Up the Server Holding the Installation Sources” 
in the SUSE Linux Enterprise Server 11 Deployment Guide 
(http://www.suse.com/documentation/sles11/book_sle_deployment/data/sec_deployment_remoteinst_instserver.html). 


11.4 Installing an OES 2015 SP1 VM Guest 


Creating an OES 2015 SP1 virtual machine requires you to complete the following major tasks. 


+ Section 11.4.1, “Specifying Options for Creating an OES 2015 SP1 VM Guest” 
+ Section 11.4.2, “Specifying the Installation Mode” 
+ Section 11.4.3, “Specifying the Add-On Product Installation Information” 
+ Section 11.4.4, “Completing the OES 2015 SP1 VM Guest Installation” 
11.4.1 Specifying Options for Creating an OES 2015 SP1 VM Guest 


The Create Virtual Machine Wizard helps you through the steps required to create a VM guest and 
install the desired operating system. 
1 Launch the Create Virtual Machine Wizard by using one of the following methods: 


+ From the virtualization host server desktop, click YaST > Virtualization > Create Virtual 
Machines. 
+ From within Virtual Machine Manager, click New. 
+ At the command line, enter vm-install. 


If the wizard does not appear or the vm-install command does not work, review the process of 
installing and starting the virtualization host server. The virtualization software might not be 
installed properly. 


2 After specifying that you want to create a virtual machine, click Forward. 
3 Click Forward. 


The option to set up a virtual machine based on an existing disk or disk image is supported only 
if the existing disk or disk image was originally set up through the Create Virtual Machine Wizard. 


4 On the Type of Operating System page, select the supported version of SLES for the OES, then 
click Forward. 


The Summary page is displayed. 


NOTE: Detailed explanations of the Summary page settings are available in “Virtualization: 
Configuration Options and Settings” (http://www.suse.com/documentation/sles11/book_xen/data/cha_xen_config.html) 
in the Virtualization with Xen guide 
(http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html). 


5 Click Name of Virtual Machine. 


6 Specify a name for the virtual machine in the Name field, then click Apply. 


For example, you might specify hostname_vm, where hostname is the DNS name of the server 
you are installing in the VM. 


7 Click Hardware. 


7a Specify the amount of initial and maximum memory for the virtual machine to consume from 
the available memory. The initial memory should not be less than 1024 MB. 


7b Specify the number of processors that you want the virtual machine to use. 
7c Click Apply. 


8 If you want to change the graphics adapter settings, click Peripheral Devices and select the type 
of graphic support desired, then click Apply. 


9 Click Disks. 


The Virtual Disks dialog box lets you create one or more virtual disks that the OES 2015 SP1 VM 
guest has access to. If you are installing from a DVD on the host server or from an ISO image file 
copied to the host server’s storage devices, these are also listed as virtual disks. 


Initially, a 10 GB file is specified for the partitions/volumes on the virtual server. The default 
location of the file is /var/lib/xen/images. 


By default, this is a sparse file, meaning that although 10 GB is allocated, the size of the file on 
the disk is only as large as the actual data it contains. Sparse files conserve disk space, but they 
have a negative impact on performance. 
The OES 2015 SP1 installation guidelines recommend 10 GB for a server installation. Keep in 
mind, however, that you are defining the total local disk size for the server. You should allocate 
as much local space as you anticipate the server needing for data and other files after it is 
hosting user services. 


9a Specify the hard disk space you want to be available to the virtual machine. 
9b Click Apply. 
9c To create additional virtual disks, click the Harddisk icon in the Disks wizard. 


10 If you are installing SLES 11 SP4 from a downloaded ISO image file, click DVD, browse to the 
SLES 11 SP4 image file, then click Open > OK > Apply. 


11 If you are installing OES 2015 SP1 from a downloaded ISO image file, click DVD, browse to the 
OES 2015 SP1 image file, then click Open > OK > Apply. 


12 If you want to change the network adapter settings, click Network Adapters, view the default 
setting, then edit the default settings. 


or 
Click New and specify the setting for another network board of your choice, then click Apply. 
13 Click Operating System: 


13a If you are installing from a downloaded ISO image, ensure that the SLES 11 SP4 image is 
specified as the Virtual Disk installation source. 


13b If you are installing from a network installation source, specify the URL for the SLES 11 SP4 
network installation source. 


You specify a network installation source for OES 2015 SP1 during the install. 


13c If you are using an AutoYaST control file to specify the settings for a virtual machine 
operating system, specify the path to the file in the AutoYaST File field or click the Find 
button to the right of the field to locate the file on the local host server. 


13d If necessary, use the Additional Arguments field to specify additional install or boot 
parameters to assist the installation. 


For example, if you wanted to specify the parameters for an IP address of 192.35.1.10, a 
netmask of 255.255.255.0, a gateway of 192.35.1.254 for the virtual server, and use ssh to 
access the installation from another workstation, you could enter the following parameters in 
the Additional Argument field: 


hostip=192.35.1.10 netmask=255.255.255.0 gateway=192.35.1.254 usessh=1 
sshpassword=password 


13e Click Apply. 
14 Click OK to start the virtual machine and launch the operating system installation program. 
15 Continue with Section 11.4.2, “Specifying the Installation Mode,” on page 207. 


11.4.2 Specifying the Installation Mode 


1 When the Installation Mode screen displays, select the following menu options: 


+ New Installation 
+ Include Add-On Products from Separate Media 
2 Click Next. 
3 Continue with Section 11.4.3, “Specifying the Add-On Product Installation Information,” on 
page 208. 


11.4.3 Specifying the Add-On Product Installation Information 


When the Add-On Product Installation page displays: 


1 Click Add. 
2 If you are installing OES 2015 SP1 from an ISO image file: 
2a On the Add-On Product Media page, click Specify URL, then click Next. 
2b In the URL field, type 
hd:///?device=/dev/xvdc/ 
2c Click OK. 
2d Skip to Step 4. 


3 If you are installing from a network installation source, click the appropriate protocol for your 
situation, then click Next and supply the required information. 


4 Read and accept the Novell Open Enterprise Server 2015 SP1 license agreement, then click 
Next. 


5 Confirm that the Add-On Product Installation page shows the correct path to the OES media, 
then click Next. 


6 Continue with “Completing the OES 2015 SP1 VM Guest Installation.” 


11.4.4 Completing the OES 2015 SP1 VM Guest Installation 


1 Follow the on-screen prompts, using the information contained in the following sections: 
1a Section 3.6, “Setting Up the Clock and Time Zone,” on page 48. 


1b Section 3.7, “Specifying the Installation Settings for the SLES Base and OES Installation,” 
on page 48. 


1c Section 3.8, “Specifying Configuration Information,” on page 55. 


During the configuration portion of the installation, you might see additional prompts 
concerning hardware detection of the network cards, DSL, PPPoE DSL, ISDN cards, and 
modems. 


When you specify the time source during the eDirectory configuration, use the same time 
source as the eDirectory tree you are installing the server into. 


After the installation, enable the virtual machine’s Independent Wall Clock setting and 
reboot the virtual machine so it can synchronize its time correctly. For more information on 
this configuration issue, see “Virtual Machine Clock Settings 
(http://www.suse.com/documentation/sles11/book_xen/data/sec_xen_guests_suse_time.html)” in the 
Virtualization with Xen guide (http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html). 


1d Section 3.9, “Finishing the Installation,” on page 107. 


During the hardware configuration, graphics and sound cards are not recognized when 
installing OES 2015 SP1 as a VM guest. 


2 Complete the server setup by following the procedures in Chapter 6, “Completing OES 
Installation or Upgrade Tasks,” on page 161. 


11.5 Upgrading an OES VM Guest to OES 2015 SP1 


IMPORTANT: To upgrade an OES VM paravirtualized guest to OES 2015 SP1, you must install using 
files on the network. Physical media upgrades and using ISO image files are not supported methods. 
OES 2015 SP1 cannot run as a paravirtualized guest on SLES 10 SP4 or earlier hosts. 


Performing a down-server upgrade on a Xen VM guest running on a SLES 11/OES 2015 SP1 VM 
host is very much like upgrading a physical machine. 


+ Section 11.5.1, “Before You Start the Upgrade Process,” on page 209 
+ Section 11.5.2, “Starting the Upgrade,” on page 209 


11.5.1 Before You Start the Upgrade Process 


1 Make sure you follow all of the applicable instructions and guidelines in Section 5.2, “Planning 
for the Upgrade to OES 2015 SP1,” on page 116 and Section 5.3, “Meeting the Upgrade 
Requirements,” on page 117. 


11.5.2 Starting the Upgrade 


1 In Virtual Machine Manager, shut down the OES VM guest that you are upgrading. 
2 Click the Create a New Virtual Machine icon or right-click localhost (Xen) and choose New. 
3 Click Forward. 
4 Select I Need to Upgrade an Existing Operating System, then click Forward. 
5 Select Novell Open Enterprise Server, then click Forward. 
6 In the Managed Virtual Machines list, select the VM guest you are upgrading. 
7 In the Network URL field, type the URL to your SLES 11 SP4 network-based installation source, 
then click Upgrade. 
8 On the Welcome page, agree to the license and click Next. 


9 For instructions on the rest of the upgrade process, go to Section 5.4.3, “Selecting the 
Installation Mode Options,” on page 124 and continue from there. 


11.6 Managing a Virtual Machine Running OES 2015 SP1 


Managing a virtual machine running OES 2015 SP1 is the same as managing virtual machines 
running other operating systems. See the instructions for your virtualization platform: 


+ “Managing a Virtualization Environment 
(http://www.suse.com/documentation/sles11/book_xen/data/cha_xen_manage.html)” in the 
Virtualization with Xen guide (http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html). 


+ The Virtualization with KVM guide 
(http://www.suse.com/documentation/sles11/book_kvm/data/book_kvm.html). 


11.7 Setting Up an OES 2015 SP1 VM Guest to Use Novell Storage Services (NSS) 


When you install OES 2015 SP1 on a virtual machine, we recommend that you configure a virtual 
machine with multiple devices. Use the primary virtual disk as the system device with LVM2 (the 
YaST install default) as the volume manager. After the install, you can assign additional storage 
resources from the host server to the virtual machine. 


IMPORTANT: When you create the virtual machine, make sure to configure the size of the primary 
virtual disk according to the amount of space you need for the /boot, swap, and root (/) volumes. 


After the virtual machine is set up, you need to perform additional tasks to set up additional Novell 
Storage Services (NSS) devices. See “Using NSS in a Virtualization Environment” in the OES 2015 
SP1: NSS File System Administration Guide for Linux. 


Installing and Managing NetWare on a Xen-based VM 


IMPORTANT: NetWare 6.5 SP8 has been modified to run in paravirtual mode on a Xen virtual 
machine. Running NetWare in fully virtualized mode on a Xen host server or on a KVM host server is 
not supported. 


You can install NetWare as a virtual machine guest (VM guest) operating system on the following 
servers: 


+ A SUSE Linux Enterprise Server (SLES) 11 SP4 Linux server 


See “Setting Up a Virtual Machine Host” (https://www.suse.com/documentation/sles11/ 
book_xen/data/cha_xen_vhost.html) in the Virtualization with Xen guide (https://www.suse.com/ 
documentation/sles11/book_xen/data/book_xen.html). 


+ An OES 2015 SP1 server that has been set up as a Xen-based host server 


See Chapter 10, “Installing OES as a VM Host Server,” on page 199. 


For general information on the Xen virtualization technology in SLES 11 SP4, see the Virtualization 
with Xen guide (https://www.suse.com/documentation/sles11/book_xen/data/book_xen.html). 


NOTE: To get started with third-party virtualization platforms, such as Hyper-V from Microsoft and the 
different VMware product offerings, refer to the documentation for the product that you are using. 


This section documents the system requirements, installation instructions, upgrade and migration 
instructions, and issues associated with setting up NetWare on a Xen-based virtual machine. 

+ Section 12.1, “Introduction,” on page 211 
+ Section 12.2, “Support Information,” on page 212 
+ Section 12.3, “Preparing to Install a NetWare VM Guest Server,” on page 212 
+ Section 12.4, “Installing Virtualized NetWare,” on page 215 
+ Section 12.5, “Managing NetWare on a Virtual Machine,” on page 220 
+ Section 12.6, “If VM Manager Doesn't Launch on a Xen VM Host Server,” on page 222 


12.1 Introduction 


To simplify the process of installing virtualization software, the SLES 11 SP4 software includes Xen 
Virtual Machine Host Server as a primary server function that you can select when installing SLES 11 
SP4 as a virtualization host server. 


Selecting this pattern installs the Xen host server software, which enables the server to boot the Xen 
version of the SLES 11 SP4 operating system kernel. It also installs utilities for preparing and creating 
virtual machines. 


After the host server is up and running, you can then create a virtual machine and install NetWare 6.5 
SP8 as a guest operating system. 


12.2 Support Information 


+ Section 12.2.1, “OES Registration Is Required for Support,” on page 212 
+ Section 12.2.2, “Supported Configurations and Features,” on page 212 
+ Section 12.2.3, “Unsupported Configurations and Features,” on page 212 


12.2.1 OES Registration Is Required for Support 


Virtualized NetWare in Xen is an OES product feature. Support for NetWare on a Xen virtual machine 
is available only to registered OES customers. 


12.2.2 Supported Configurations and Features 


The following configurations and features are supported for NetWare VM guest servers. 


+ NetWare 6.5 SP7 and later running in paravirtual mode. 
+ The graphical paravirtualized frame buffer and the text-based console interface. 
+ Running on 32-bit, 32-bit PAE, and 64-bit hypervisors. 
+ Running in 32-bit PAE compatibility mode on 64-bit platforms. 
+ Up to 16 block devices. 
+ Up to 32 virtual CPUs. 
+ The pause and resume functionality. 
+ The xm shutdown command. 
+ The shutdown command in Virtual Machine Manager. 
+ Allocated memory from 1 GB to 8 GB. 
+ VCPU over commitment, pinning, and capping. 


12.2.3 Unsupported Configurations and Features 


The following configurations and features are not supported for NetWare VM guest servers. 


+ NetWare in full virtualization mode. 
+ NetWare 6.5 SP6 and earlier running on a virtual machine. 
+ VCPU hotplug. 
+ Network or block device hotplug. 
+ Virtual memory resizing. 
+ Direct access to physical devices. 
+ The save, restore, and migrate commands. 
+ Some Novell Remote Manager debugging features. 


12.3 Preparing to Install a NetWare VM Guest Server 


+ Section 12.3.1, “Planning for VM Host Servers,” on page 213 
+ Section 12.3.2, “Planning for NetWare VM Guest Servers,” on page 213 
+ Section 12.3.3, “You Must Use Timesync for Time Synchronization,” on page 215 
+ Section 12.3.4, “Disabling the Alt+Esc Shortcut on the Host,” on page 215 


12.3.1 Planning for VM Host Servers 


+ “Meeting Server Hardware and Software Requirements” on page 213 
+ “Deciding Whether to Run OES Services on VM Host Servers” on page 213 


Meeting Server Hardware and Software Requirements 
To accommodate NetWare VM guest servers, your VM host servers must: 


+ Meet the criteria specified in “Setting Up a Virtual Machine Host” 
(http://www.suse.com/documentation/sles11/book_xen/data/cha_xen_vhost.html) in the 
Virtualization with Xen (http://www.suse.com/documentation/sles11/book_xen/data/book_xen.html) guide. 


+ Have enough memory (RAM) on the physical machine for: 
  + The SLES 11 operating system (512 MB) 
  + Any of the supported OES services that you install on the VM host (512 MB) 
  + Each NetWare virtual machine that you plan to run concurrently (1 GB to 8 GB) 


For example, if you are installing one NetWare VM guest server on a SLES 10 VM host server, 
you need a minimum of 2 GB of memory: 1 GB for the VM host server and 1 GB for the NetWare 
VM guest server. For optimal performance, you should allocate as much memory as possible for 
each NetWare VM guest, up to 8 GB each. 


+ Have enough disk space on the host server for creating and running the VM guest servers. 


The default disk space for a NetWare VM guest server is 10 GB. You might need more or less 
space, depending on what you will use the guest server for and what its storage configuration 
will be. You might want to locate your virtual machines on a separate partition or even on a 
separate storage device. For example, you might create a /vm partition on a separate drive 
installed in the server. For additional information, see “Storage Planning” on page 214. 


Deciding Whether to Run OES Services on VM Host Servers 


You should also decide whether to install OES 2015 SP1 and one or more of its supported services 
on your VM host servers. 


To ensure that optimal resources are available to the virtual machines, each VM host server should 
be dedicated to running the Xen virtualization software as much as possible. However, there are 
several good reasons why you might want to choose to install the supported OES services on the 
host server itself. For more information, see “Why Install OES Services on Your VM Host?” in the 
OES 2015 SP1: Planning and Implementation Guide. 


12.3.2 Planning for NetWare VM Guest Servers 


Before creating NetWare virtual machines, you need to plan for the following: 


+ “RAM Planning” on page 214 
+ “Storage Planning” on page 214 
+ “Network Planning” on page 214 
+ “eDirectory Planning” on page 214 


RAM Planning 


To ensure the best performance by your NetWare VM guests, you should plan for the optimal RAM 
configuration of each NetWare VM guest server. As a general rule, the more RAM you assign to a 
NetWare guest server (up to 8 GB), the better the server performance is. For specific planning 
information, see Optimizing Server Memory in the NW 6.5 SP8: Server Memory Administration 
Guide. 


Storage Planning 


The first disk space that you allocate while creating the Xen virtual machines is used by the NetWare 
VM guest for the sys: volume. The partition where this is created should be formatted as an Ext2 
partition (see “Xen VMs Need Ext2 for the System /Boot Volume” in the OES 2015 SP1: Planning and 
Implementation Guide). 


You can add other disk space as virtual devices for NSS pools and volumes. For best performance in 
a Xen virtual environment, NSS pools and volumes on NetWare should be created on virtual devices 
that live on SCSI devices, Fibre Channel devices, or iSCSI devices on the host server, or on partitions 
that are on those types of devices. 


SATA or IDE disks have slower performance because special handling is required when working 
through the Xen driver to ensure that data writes are committed to the disk in the order intended 
before the driver reports back. 


For more information on NSS disk storage, see “Using NSS in a Virtualization Environment” in the 
OES 2015 SP1: NSS File System Administration Guide for Linux. 


Network Planning 


Each Xen guest VM is assigned one virtualized network card by default. You can create additional 
cards if desired. 


You must obtain one static IP address for each virtualized network card you plan to create on your 
NetWare VM guest servers. OES 2015 does not support dynamically assigned (DHCP) IP addresses. 


eDirectory Planning 


You can place a NetWare virtual machine in an existing tree or as the first server in a new tree. 
However, the performance of virtualized NetWare doesn’t match a physical NetWare installation. In 
most cases, it is probably preferable to add your NetWare virtual machine to an existing tree located 
on a physical NetWare server, particularly if the tree is large. 


Also, because virtualized servers might be started and stopped more often than they would normally 
be on physical servers, we recommend that the master replica (usually the first server in a tree) be 
placed on a system that is running at all times. For more information about master replicas, see 
“Managing Partitions and Replicas” in the NetIQ eDirectory 8.8 SP8 Administration Guide. 


12.3.3 You Must Use Timesync for Time Synchronization 


Because of known issues with Xen and the NTP NLM, you must use Timesync as the time 
synchronization method for NetWare VM guests running on Xen VM hosts. Otherwise, time drift 
causes problems for your NetWare VM guests. 


Keeping accurate time is a critical function for servers in an eDirectory tree. The reported time must 
be synchronized across the network to provide the expiration dates and time stamps necessary for 
ordering eDirectory events. 


NetWare VM guest servers synchronize time in the same ways that NetWare physical servers do. In 
other words, the clock on the VM host server has no influence on the NetWare VM guest server’s 
time. 


IMPORTANT: To ensure that your NetWare VM guest is configured correctly, be sure to follow the 
instructions in “Configuring Time Synchronization” (specifically Step 4) in the NW 6.5 SP8: Installation 
Guide, and configure the NetWare VM guest to get time from the same time source as the eDirectory 
tree it is joining. If the time source specified is an NTP server, be sure to select the NTP option next to 
the source’s DNS name or IP address. This enables Timesync to communicate with the NTP time 
source. 


12.3.4 Disabling the Alt+Esc Shortcut on the Host 


Alt+Esc is used on a NetWare server to switch between console screens, but on SLES 11 it moves 
between open windows. To provide the expected behavior for the virtualized NetWare server, you 
must disable the shortcut for SLES 11. 

1 On the host server as the root user, click Computer > Control Center. 

2 Click Personal > Shortcuts. 


3 Under the Window Management category, click Move between windows immediately, then 
press the Backspace key to disable the shortcut. 


4 Click Close. 


5 Close the Control Center. 


12.4 Installing Virtualized NetWare 


This section provides the instructions for installing NetWare 6.5 SP8 as a guest OS. 


+ Section 12.4.1, “Preparing the Installation Media,” on page 216 
+ Section 12.4.2, “Creating a Xen Virtual Machine and Installing a NetWare VM Guest Server,” on 
page 216 


12.4.1 Preparing the Installation Media 


You must use the DVD installation files to install a NetWare VM guest on a Xen VM host server. (Xen 
on SLES 11 doesn’t support DVD swapping.) 


The installation media must appear as a local disk to the virtual machine, but it can be physically 
located in either of the following locations: 


+ On a DVD in the host's physical DVD reader. 
+ As the DVD ISO image file copied to the Xen VM host server desktop. 


The following steps are for downloading to the VM host server’s desktop and can be adapted as 
necessary for the other locations listed above. 


1 Use the Firefox browser on the VM host server to access the Novell NetWare 6.5 SP8 Download 
page (http://download.novell.com/Download?buildid=dpIR3H1ymhk~) and download the 
NW65SP8_OVL_DVD.iso file to the server’s desktop (or another location of your choosing). 


2 After the file downloads, continue with Section 12.4.2, “Creating a Xen Virtual Machine and 
Installing a NetWare VM Guest Server,” on page 216. 


12.4.2 Creating a Xen Virtual Machine and Installing a NetWare VM Guest Server 


1 Open YaST, then click Virtualization > Create Virtual Machines. 


[Screenshot: Create a Virtual Machine welcome page] 


2 Read the Create a Virtual Machine welcome page, then click Forward. 


[Screenshot: Install an Operating System? page] 


3 Select I need to install an operating system, then click Forward. 


[Screenshot: Type of Operating System page with Novell Open Enterprise Server 2 (NetWare) selected] 


4 Click the triangle next to NetWare, select Novell Open Enterprise Server 2 (NetWare), then click 
Forward. 


The Summary page appears, showing the settings to be used for the virtual machine. 


[Screenshot: Summary page showing the default settings for the virtual machine] 


5 Click Name of Virtual Machine. 


Specify the name that you want displayed for this virtual machine in the Virtual Machine 
Manager. 


For example, you might specify hostname_vm, where hostname is the host name of the server 
you are installing. 


6 Click Hardware. 


Change the initial memory setting to at least 1024 MB and the maximum setting to as much as 8 
GB, depending on the RAM available on your host server. 


Add additional virtual processors if desired. 
7 Click Disks. 


The Virtual Disks dialog box lets you create one or more virtual disks that the NetWare VM guest 
has access to. If you are installing from a DVD on the host server or from an ISO image file 
copied to the host server’s storage devices, these are also listed as virtual disks. 


Initially, a 10 GB file is specified for the partitions/volumes on the virtual server. The default 
location of the file is /var/lib/xen/images. 


By default, this is a sparse file, meaning that although 10 GB is allocated, the size of the file on 
the disk is only as large as the actual data it contains. Sparse files conserve disk space, but they 
have a negative impact on performance. 


The NetWare install allocates 500 MB for a DOS partition and 4 GB for the sys: volume. The 
default disk size of 10 GB leaves about 5.5 GB for other partitions. 


7a Specify the hard disk space you want to be available to the virtual machine. 
7b Click Apply. 
7c To create additional virtual disks, click the Harddisk icon in the Disks wizard. 


If you want to change the location of the NetWare VM’s first virtual hard drive, select the default 
Hard Disk and click Edit. Then modify the path in the Server field to where you want the virtual 
disk located. 


Make sure that you specify enough physical disk space on the host server’s hard drive and 
partition to accommodate the maximum size of the virtual disk. 


If you want optimal performance, deselect the sparse file option. This creates a blank file of the 
selected size when you start the virtual machine installation. 


Click OK. 


If you are installing from a mounted DVD, click DVD, browse to /dev/cdrom or /dev/dvd, then 
click Open > OK > Apply. 


or 


If you are installing from a downloaded ISO image file, browse to the image file, then click Open 
> OK > Apply. 


If you want multiple virtual network adapters, click Network Adapters. 
Create virtual network adapters for the server. 
The default setting is a single paravirtualized network adapter. 


When you have the virtual machine settings the way you want them, click OK to proceed with the 
creation of the virtual machine and the installation of the virtual NetWare server. 


A VNC viewer window appears, displaying the progress of the NetWare install program. 


[Screenshot: NetWare1 Virtual Machine Console showing the installation language selection] 


14 Do the following: 
14a Click inside the installation window to set the mouse pointer. 


The mouse is not used on the first few screens, but you must set it now. Otherwise, the 
mouse and the keyboard might not work as expected when the GUI pages appear. 


14b Enter all of the installation information as you would for a physical NetWare installation. 


IMPORTANT: Do not close the VNC viewer window while the NetWare install program is running. 
Doing so prevents the installation from finishing properly. 


12.5 Managing NetWare on a Virtual Machine 


Virtualized NetWare is managed in the same way as if it were running on a physical machine. For 
information about managing your NetWare server, see the NW 6.5 SP8: Server Operating System 
Administration Guide. For additional information about managing NetWare servers in a virtualized 
environment, see Running NetWare in a Virtualized Environment in the NW 6.5 SP8: Server Memory 
Administration Guide. 


+ Section 12.5.1, “Using the Virtual Machine Manager,” on page 221 
+ Section 12.5.2, “Using the Command Line,” on page 221 


12.5.1 Using the Virtual Machine Manager 


Managing a NetWare virtual machine is simplified by using the Virtual Machine Manager utility, which 
is installed by default when you install the Xen virtualization software. 


To start the Virtual Machine Manager, open a terminal prompt and enter virt-manager. 


For more information, see “Managing a Virtualization Environment (https://www.suse.com/ 
documentation/sles11/book_xen/data/cha_xen_manage.html)” in the Virtualization with Xen guide 
(https://www.suse.com/documentation/sles11/book_xen/data/book_xen.html). 


12.5.2 Using the Command Line 


Many NetWare administrators prefer to manage the server through the command line. If you want to 
use the command line, you should be aware of the following issues: 

+ “Terminal Size” on page 221 
+ “NetWare Debugger” on page 221 
+ “VNC Viewer” on page 221 
+ “The xm Commands” on page 221 


Terminal Size 


The terminal window might display only 80x24 characters. If you don’t want to scroll to the command 
line, you need to resize the terminal. 


NetWare Debugger 


If pressing Alt+Shift+Shift+Esc doesn’t launch the debugger, you can enter 386debug at the 
command line. 


VNC Viewer 


In the VNC Viewer, pressing F8 displays a pop-up utility menu. Press F8 twice to pass a single F8 to 
the remote side. 


The xm Commands 


+ You can also manage the NetWare virtual machine, and all other virtual machines running on the 
Xen hypervisor, by using the xm command line tools. For more information, see “The xm 
Command (https://www.suse.com/documentation/sles11/book_xen/data/ 
sec_xen_manage_xm.html)” in the Virtualization with Xen guide (https://www.suse.com/ 
documentation/sles11/book_xen/data/book_xen.html). 


+ To make a break in NetWare from a terminal, enter xm sysrq x c, where x is the domain ID and 
c is any keyboard character. 




12.6 If VM Manager Doesn’t Launch on a Xen VM Host Server 


If the option to launch the VM Manager for installing a NetWare guest is not available, the most likely 
cause is that the Xen kernel is not running on the Xen VM host server. See The Boot Loader Program 
(https://www.suse.com/documentation/sles11/book_xen/data/sec_xen_config_bootloader.html) in the 
Virtualization with Xen guide (https://www.suse.com/documentation/sles11/book_xen/data/book_xen.html). 




Switching to SHA-2 SSL Certificates 


Major browser vendors are taking steps to phase out SHA-1 signed certificates. OES certificates 
signed with SHA-1 should be replaced with certificates signed with SHA-2 so that browsers do not 
display warning messages. 


+ Section 13.1, “Configuring SHA-2 Certificate,” on page 223 
+ Section 13.2, “Verifying the Certificates with SHA-2 Signature,” on page 224 


13.1 Configuring SHA-2 Certificate 


+ Section 13.1.1, “Prerequisites,” on page 223 
+ Section 13.1.2, “CA Server,” on page 223 
+ Section 13.1.3, “Other Servers,” on page 223 
+ Section 13.1.4, “Servers Running on eDirectory 8.8.7 or OES 11 SP1 or Earlier,” on page 224 


13.1.1 Prerequisites 


+ eDirectory (January 2016 eDirectory 8.8 SP8 Patch 6 Hot Patch 1) 


13.1.2 CA Server 


1 Apply the patch on the OES server where the CA is hosted in the tree. 
2 Restart the eDirectory service. 

   rcndsd restart 


3 Delete the existing CA in the tree and create a new CA with the SHA-2 signing algorithm. For more 
information, see the TID on Configuring eDirectory to mint certificates with a SHA-2 signature 
(7016877). 


4 Restart the eDirectory service. 

   Run the following command to recreate the eDirectory server certificates with the SHA-2 algorithm. 

   rcndsd restart 


5 Reboot the server. 


IMPORTANT: Ensure that the eDirectory service is restarted before rebooting the server. 


All the OES services will now use the new eDirectory certificates. 


13.1.3 Other Servers 


1 Apply the patch on the OES server. 
2 Restart the eDirectory service. 

   Run the following command to recreate the eDirectory server certificates with the SHA-2 algorithm. 

   rcndsd restart 


3 Reboot the server. 


IMPORTANT: Ensure that the eDirectory service is restarted before rebooting the server. 


All the OES services will now use the new eDirectory certificates. 


13.1.4 Servers Running on eDirectory 8.8.7 or OES 11 SP1 or Earlier 


If there are OES servers (OES 11 SP1 or older versions) in the tree, it is recommended to delete the 
server certificates of those servers and create new certificates with the same SHA-2 signing algorithm 
as the CA. The CA will be hosted on either OES 11 SP2, OES 11 SP3 or OES 2015 servers in the tree. 


13.2 Verifying the Certificates with SHA-2 Signature 


+ On the OES server, run the following command against the LDAP server to verify that the 
certificate is using the SHA-2 signature. 


openssl s_client -connect 192.168.211.21:636 < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm" 


If the return value is Signature Algorithm: sha256WithRSAEncryption, then it is an RSA 
signature protected by an accompanying SHA256 (SHA-2) hash function. 


+ Run the following command to verify the certificate file on the file system. 


openssl x509 -in /var/opt/novell/eDirectory/data/SSCert.der -inform der -text -noout 
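
The two checks in Section 13.2 can be run over several targets at once. The following script is an added example, not part of the Novell guide: it reads the signature algorithm from certificate files or LDAPS endpoints with the same openssl calls and reports anything that is not signed with a SHA-2 hash. The function names are hypothetical, and openssl is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: audit certificate signature hashes after switching to SHA-2.
# Function names are hypothetical; openssl must be on the PATH for real use.

# Map an OpenSSL "Signature Algorithm" name to a hash family.
classify_sigalg() {
    _name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$_name" in
        "")                                  echo "unreadable" ;;
        *sha224*|*sha256*|*sha384*|*sha512*) echo "SHA-2" ;;
        *sha1*)                              echo "SHA-1" ;;
        *md5*|*md2*)                         echo "MD5-or-older" ;;
        *)                                   echo "other" ;;
    esac
}

# Pick the first "Signature Algorithm:" value out of `openssl x509 -text` output.
first_sigalg() {
    sed -n '/Signature Algorithm:/{s/.*Signature Algorithm: *//;s/[[:space:]]*$//;p;q;}'
}

# Signature algorithm of a certificate file; tries DER (the format of
# SSCert.der) and then PEM.
sigalg_of_file() {
    for _form in der pem; do
        _text=$(openssl x509 -in "$1" -inform "$_form" -noout -text 2>/dev/null) || continue
        printf '%s\n' "$_text" | first_sigalg
        return 0
    done
    return 1
}

# Signature algorithm of the certificate a TLS endpoint (host:port) presents.
sigalg_of_endpoint() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null | first_sigalg
}

# Report one target (an existing file path, otherwise treated as host:port).
# Returns 0 only when the certificate is signed with a SHA-2 hash.
audit_target() {
    if [ -f "$1" ]; then
        _alg=$(sigalg_of_file "$1") || _alg=""
    else
        _alg=$(sigalg_of_endpoint "$1") || _alg=""
    fi
    _family=$(classify_sigalg "$_alg")
    printf '%-12s %-26s %s\n' "$_family" "${_alg:-?}" "$1"
    [ "$_family" = "SHA-2" ]
}

# Audit every argument; non-zero exit status if any target is not SHA-2.
audit_all() {
    _rc=0
    for _t in "$@"; do
        audit_target "$_t" || _rc=1
    done
    return "$_rc"
}

# Example call, using the address and path shown in Section 13.2:
#   sh audit.sh 192.168.211.21:636 /var/opt/novell/eDirectory/data/SSCert.der
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```

The non-zero exit status for any target that is not SHA-2 lets the check run unattended after the patch and restart steps in Section 13.1.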
Disabling OES 2015 Services 


Although you can uninstall Novell Open Enterprise Server 2015 (OES) service RPMs through YaST, 
we do not recommend it because so many modules have interdependencies. Uninstalling services 
can leave the server in an undesirable state. Instead, we recommend disabling the service. 

1 Log in as root and start YaST. 
2 Click System > System Services (Runlevel). 
3 Select Expert Mode. 
4 Select the applicable_service_name, then click Set/Reset > Disable the service. 
5 Repeat Step 4 for each service you want to disable. 
6 Click Finish to exit the YaST Runlevel tool. 


NOTE: YaST does not support removing products that create objects or attributes in eDirectory. You 
need to use iManager to remove these objects and attributes. For procedures, see Deleting an Object 
in the Novell iManager 2.7.4 Administration Guide. 
Reconfiguring eDirectory and OES Services


If the eDirectory database becomes corrupt, you need to reconfigure eDirectory and the OES 
services. This section outlines the steps to be performed, depending on the role of the server with 
regard to your eDirectory tree. 


If a backup of the eDirectory database is not available, you can contact Novell Support or perform the 
following procedures: 

• Section 15.1, “Cleaning Up the eDirectory Server”
• Section 15.2, “Reconfiguring the eDirectory Server through YaST”
• Section 15.3, “Reconfiguring OES Services”
• Section 15.4, “Re-configuring iManager”


15.1 Cleaning Up the eDirectory Server 


IMPORTANT: The instructions in this section have been tested and approved, but it is impossible to anticipate all customer scenarios and the complications that might arise in them. Therefore, we urge that you only proceed when you have problems with eDirectory that aren't resolved by performing regular eDirectory maintenance tasks, or when Novell Technical Support recommends that you do.


• Section 15.1.1, “Before You Clean Up”
• Section 15.1.2, “Reconfiguring the Replica Server”
• Section 15.1.3, “Reconfiguring the CA Server”
• Section 15.1.4, “Cleaning Up eDirectory”


15.1.1 Before You Clean Up 


• Before the cleanup, make a note of the following eDirectory configuration parameters:
    • eDirectory tree name
    • Replica server IP
    • eDirectory admin context
    • eDirectory server context
    • IP address of servers running NTP and SLP services

• If you are cleaning the master replica server, ensure that you make a read-write replica as a master. For more information, see Section 15.1.2, “Reconfiguring the Replica Server,” on page 228.

• If the reconfiguration is performed on a CA server, transfer the role of CA server to another server or create a new CA server. If you don’t do this, the CA does not work. For more information, see Section 15.1.3, “Reconfiguring the CA Server,” on page 228.

15.1.2 Reconfiguring the Replica Server


1 If the corrupted server is a master replica, make any other replica into the master replica. 


For more information, refer to Managing Partitions and Replicas (http://www.novell.com/ 
documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a2iliik.html) in the NetIQ 
eDirectory 8.8 Administration Guide. 


2 Clean up the replica server. 
For more information, see Section 15.1.4, “Cleaning Up eDirectory,” on page 228. 
3 Reconfigure the replica server. 


For more information, see Section 15.2, “Reconfiguring the eDirectory Server through YaST,” on 
page 229. 


4 On successful reconfiguration of the replica server, continue with Section 15.3, “Reconfiguring 
OES Services,” on page 229. 


15.1.3 Reconfiguring the CA Server 


1 If the corrupted server is a CA server, transfer the CA server role to another server or create a 
new CA server. 


For more information, refer to Moving the Organizational CA to a Different Server (http:// 
www.novell.com/documentation/crt33/crtadmin/data/a2ebop8.html#acea8nu) and Creating a 
Server Certificate Object (http://www.novell.com/documentation/crt33/crtadmin/data/ 
fogcdhec.html) in the Novell Certificate Server 3.3.2 Administration Guide. 


2 Clean up the server. 
For more information, see Section 15.1.4, “Cleaning Up eDirectory,” on page 228. 
3 Reconfigure the server. 


For more information, see Section 15.2, “Reconfiguring the eDirectory Server through YaST,” on 
page 229. 


4 After successfully reconfiguring the server, continue with Section 15.3, “Reconfiguring OES 
Services,” on page 229. 


15.1.4 Cleaning Up eDirectory 


1 Use iManager to delete all the objects from the eDirectory tree. 
2 Stop the ndsd daemon:
    rcndsd stop
3 Delete the eDirectory configuration file and eDirectory instance file:
    rm -f /etc/opt/novell/eDirectory/conf/nds.conf
    rm -f /etc/opt/novell/eDirectory/conf/.edir/instances.0
4 Delete the eDirectory database:
    rm -rf /var/opt/novell/eDirectory/data/dib
5 Remove the server from the replica ring.

For more information, see Section 17.7.1, Cleaning Up the Replica Ring (http://www.novell.com/documentation/edir88/edir88/?page=/documentation//edir88/edir88/data/agm7hq7.html) in the NetIQ eDirectory 8.8 Administration Guide.
15.2 Reconfiguring the eDirectory Server through YaST


The eDirectory reconfiguration can be done on the Root partition Master replica server, a Read-Write 
replica server, a server without a replica, or the CA server. 

1 Open YaST. 

2 Click Open Enterprise Server > OES Install and Configuration. 

3 On the Software Selection Page, click Accept. 

The status of eDirectory service is displayed as Reconfigure is disabled. 
4 To reconfigure, click disabled to change the status to enabled. 
5 Click eDirectory to access the configuration dialog box. 


6 Provide all the eDirectory configuration information that was noted in Section 15.1.1, “Before You 
Clean Up,” on page 227: 


6a Verify the eDirectory tree name and click Next. 

6b Specify the admin password and click Next. 

6c Specify the server context and click Next. 

6d Specify the IP address of the Network Time Protocol Server. 


6e (Conditional) If SLP was configured earlier, select Configure SLP to use an existing 
Directory Agent, then click Add. 


6f Specify the SLP DA server IP address and click Add. 
6g Click Next. 
7 In the NetIQ Modular Authentication Service (NMAS) window, click Next.


8 Verify the listed configuration information and click Next. 
eDirectory is configured and installation is successfully completed. 
9 Click Finish. 


15.3 Reconfiguring OES Services


After you have successfully configured eDirectory, some of the OES services are started by default, 
some services require a manual start, some services require the eDirectory objects to be re-created, 
and some services must be reconfigured. 
Table 15-1 Services

Starts by Default    Start Manually    Re-create Objects    Reconfigure
SMS                  Novell AFP        NSS                  Novell DNS
LUM                  NCS               NCP                  Novell CIFS
NRM                  Novell DHCP                            SLP
Novell FTP           iPrint                                 NMAS
Novell iFolder       Novell Samba
Groupwise            NetStorage
DST                  iManager
DFS                  NTP
WBFM
Welcome Page
CASA
VLOG Utility

• Section 15.3.1, “Re-creating eDirectory Objects”
• Section 15.3.2, “Services Requiring Reconfiguration”
• Section 15.3.3, “Manually Starting Services”

15.3.1 Re-creating eDirectory Objects

• “Novell Storage Service”
• “NCP Server”

Novell Storage Service

Use the NSS Management utility to re-create the eDirectory objects for NSS pools and volumes. For additional information, see NSS Management Utility Quick Reference (http://www.novell.com/documentation/oes11/stor_nss_lx/?page=/documentation/oes11/stor_nss_lx/data/boswzl1.html) in the NSS Administration Guide.


1 Re-create the eDirectory object for each NSS pool: 


1a Start NSSMU by entering the following command at the command prompt: 


nssmu 


1b Select Pools and press Enter to list all the NSS pools. 


1c Select a pool that needs to be re-created and press F4. 


1d Select Yes when you are prompted to delete and re-create an NDS pool object. 


The selected NDS pool object is re-created. 


1e Repeat from Step 1c for each NDS pool object that needs to be re-created.

2 Re-create the eDirectory object for each NSS volume:
2a In NSSMU, select Volumes and press Enter to list all the NSS volumes. 
2b Select a volume and press F4. 
2c Select Yes when you are prompted to delete and re-create the NDS volume object. 
The selected volume object is re-created. 
2d Repeat from Step 2b for each NDS volume object that needs to be re-created. 
3 (Conditional) If the eDirectory object for ADMIN volume exists, execute the following command: 


rcadminfs restart 


NCP Server 


Use the NCP server console (NCPCON) utility to delete and re-create the eDirectory objects for the NCP volumes. For more information on the NCPCON utility, see NCP Server Console Utility (http://www.novell.com/documentation/oes11/file_ncp_lx/?page=/documentation/oes11/file_ncp_lx/data/ba2un44.html) in the NCP Server for Linux Administration Guide.


IMPORTANT: If restoration of the eDirectory database is not possible, simply delete the NCP server 
object. 


1 Delete the eDirectory object of the NCP volume by entering the following command: 
ncpcon remove volume SYS 
2 Re-create the eDirectory object of the NCP volume by entering the following command: 


ncpcon create volume SYS /usr/novell/sys 


15.3.2 Services Requiring Reconfiguration 


• “Novell DNS”
• “Novell CIFS”
• “Novell SLP”
• “NMAS”


Novell DNS 


1 Open YaST. 
2 Click Open Enterprise Server > OES Install and Configuration. 
3 On the Software selection page, click Accept. 
The status of the Novell DNS service is displayed as Reconfigure is Disabled. 


4 To reconfigure the DNS service, click disabled to change the status to enabled. 


5 Click the DNS Services heading link and enter the admin password to access the configuration dialog box.
6 Validate the displayed information and click Next.
7 Ensure that the Create DNS Server Object check box is not selected, then click Next.
8 Verify the configuration information and click Next.
9 Click Finish to complete the Novell DNS reconfiguration.


Novell CIFS 


1 Open YaST. 
2 Click Open Enterprise Server > OES Install and Configuration. 
3 Click Accept to skip the Software Selection page. 
The status of Novell CIFS service is displayed as Reconfigure is Disabled. 
4 To reconfigure CIFS, click the Disabled link to change the status to Enabled. 


5 Click the Novell CIFS services heading link and enter admin password to access the 
configuration dialog box. 


6 Validate the displayed information and click Next. 


7 Provide the user context and select the password policy of the previous CIFS configuration, then 
click Next. 


8 Verify the configuration information and click Next. 


9 Click Finish to complete the CIFS reconfiguration. 


Novell SLP 


The SLP DA IP address is added during eDirectory reconfiguration. See Step 6e on page 229 for 
more information. 


NMAS 


The NMAS login method is selected during eDirectory reconfiguration. See Step 7 on page 229 for 
more information. 


15.3.3 Manually Starting Services 


Re-create the eDirectory objects of NCP and NSS volumes as directed in Section 15.3.1, “Re-creating eDirectory Objects,” on page 230, before starting the following services manually:


Table 15-2 Manually Restarting Services

Service Name                    Starting the Service
Novell AFP                      rcnovell-afptcpd start
Novell Cluster Service (NCS)    rcnovell-ncs start
NetStorage                      rcnovell-xregd start
                                rcnovell-xsrvd start
Samba                           Start the Samba service through iManager
Novell DHCP                     rcnovell-dhcpd start
iPrint                          rcnovell-ipsmd start
                                rcnovell-idsd start
iManager                        After completing the OES installation, if iManager is installed without using YaST, Tomcat must be started manually.
                                /etc/init.d/novell-tomcat6 start
                                rcapache2 restart
NTP                             rcntpd restart


15.4 Re-configuring iManager 


In case iManager is not configured properly or there has been an interruption during iManager 
installation, use the following procedure to reconfigure iManager. 


IMPORTANT: Before executing this reconfiguration procedure, ensure that you back up all the custom tasks in iManager from /var/opt/novell/iManager/nps/portal/modules/custom. You can restore them after the reconfiguration. For more information on backing up and restoring the custom tasks, see Exporting Custom Tasks and Importing Custom Tasks under section Plug-In Studio of the Novell iManager 2.7.7 Administration Guide.


To reconfigure: 


1 Ensure that the OES server is registered to NCC, and you have applied all the latest patches 
available in the patch channel using the zypper up command. For more information on patching 
using the zypper command, see Chapter 8, “Updating (Patching) an OES 2015 SP1 Server,” on 
page 177. 


2 After patching, ensure that the following path exists along with all the iManager plug-ins that you want to install: /var/opt/novell/iManager/nps/packages.

NOTE: The reconfiguration script installs only the iManager plug-ins that are available at /var/opt/novell/iManager/nps/packages.

3 Run the following command to reconfigure iManager:

    /var/opt/novell/iManager/iManagerReconfiguration.sh tomcat6
Security Considerations


This section includes issues that you should consider when installing and configuring a Novell Open 
Enterprise Server (OES) 2015 Linux server. 


• Section 16.1, “Access to the Server During an Installation or Upgrade”
• Section 16.2, “Remote Installations Through VNC”
• Section 16.3, “Improperly Configured LDAP Servers”


16.1 Access to the Server During an Installation or Upgrade


Because eDirectory passwords are not obfuscated in system memory during the installation or 
upgrade, we recommend not leaving a server unattended during installation, upgrade, or 
configuration. 


You can use SSH (secure shell) to access the system to perform an installation. However, only 
authorized users can access the installation. 


16.2 Remote Installations Through VNC


When you install the server, we recommend that you do not use Virtual Network Computing (VNC) for 
remote installation in an untrusted environment. Consider using one of the more secure options (such 
as SSH) as outlined in “Installation Scenarios for Remote Installation” in the SLES 11 SP4 
Deployment Guide (http://www.suse.com/documentation/sles11/book_sle_deployment/data/ 
cha_deployment_remoteinst.html). 


16.3 Improperly Configured LDAP Servers


Issue 1: Improperly configured LDAP servers allow any user to connect to the server and query for 
information. 


An eDirectory LDAP server enables NULL BIND by default, but allows it to be disabled on the server. 
To enhance the security of the OES server, disable the NULL BIND on LDAP server port 389. See 
“Configuring LDAP Services for NetIQ eDirectory” in the NetIQ eDirectory 8.8 SP8 Administration 
Guide. 


Issue 2: Improperly configured LDAP servers allow the directory BASE to be set to NULL. This 
allows information to be culled without any prior knowledge of the directory structure. Coupled with a 
NULL BIND, an anonymous user can query your LDAP server through a tool such as LdapMiner. 


An eDirectory LDAP server allows the directory BASE to be set to NULL, and there is no way to 
disable it. However, with the NULL BIND disabled, as previously mentioned, the security threat posed 
by this feature is minimized. For more information on NULL BIND, see “Nessus Scan Results” in the 
NetIQ eDirectory 8.8 SP8 Administration Guide. 
Troubleshooting


This section presents information on troubleshooting the OES installation and configuration. 


• Section 17.1, “Executing kinit Command Fails in .LOCAL Domain”
• Section 17.2, “The OES Service Pattern Icons are not Displayed and OES Patterns are not in the Proper Order”
• Section 17.3, “Package Conflict Occurs During the Add-On Install of Novell FTP Pattern”
• Section 17.4, “The Health Check Option for CA is not Displayed in iManager”
• Section 17.5, “Deleting the Existing eDirectory Objects when Reinstalling the OES Server or Reconfiguring the eDirectory”
• Section 17.6, “eDirectory User Password Screen Does Not Show Up During an Upgrade”
• Section 17.7, “eDirectory Restart Results in an Error Message on a Non-DSfW Server”
• Section 17.8, “Problem In Assigning IP Address For autoinst.xml-based Installations”
• Section 17.9, “iManager not Configured or Installed Properly”
• Section 17.10, “eDirectory Restart Results in an Error Message on a Non-DSfW Server”
• Section 17.11, “The DEFAULT SLP Scope Gets added to the slp.conf File During an Upgrade to OES 2015”
• Section 17.12, “The change_proxy_pwd.sh Script Fails to Synchronize Password”
• Section 17.13, “OES Installation Fails Due to Encrypted OES Media URL in the autoinst.xml File”
• Section 17.14, “Installing or Upgrading to OES 2015 SP1 using AutoYaST Creates the OES Repository Name Using Random Characters”
• Section 17.15, “Verification of the Container Object Fails During the AD Domain Join Process”


17.1 Executing kinit Command Fails in .LOCAL Domain


If mDNS is installed in OES and a .LOCAL domain is used, DNS name resolution for the .LOCAL domain goes to mDNS by default when the kinit utility tries to resolve the host name of the domain controller. mDNS is installed in OES as part of the AFP installation. If mDNS is not properly configured in the network, the name resolution fails, and so does kinit.

To resolve this issue, change the order of the name resolution methods in /etc/nsswitch.conf as follows:

Old configuration: "hosts: files mdns4_minimal [NOTFOUND=return] dns"

New configuration: "hosts: files dns mdns4_minimal [NOTFOUND=return]"


17.2 The OES Service Pattern Icons are not Displayed and OES Patterns are not in the Proper Order


To install or configure any new OES service, OES media should be available and the priority should 
be higher than the OES pools repositories. This issue occurs when the OES media is not available or 
the media has lower or equal priority than the OES pool. 


To resolve this issue, add the OES media. If the problem still exists, run the following command to increase the OES media priority.


zypper mr -p <priority> <OES_medianame> 


For example, zypper mr -p 98 OES media 


17.3 Package Conflict Occurs During the Add-On Install of Novell FTP Pattern


If you select Patterns > OES Services > Novell FTP during the Add-On installation, a package conflict 
warning message is displayed. 


The following warning messages might be displayed during the Add-On install. 


[Figure: two package conflict warning dialogs. The first reports that pattern:novell-ftp-15-0.11.8.x86_64 requires novell-pure-ftpd-config, but this requirement cannot be provided; the second reports the same for pattern:novell-ftp-15-0.11.10.x86_64. Each dialog lists conflict resolution options and provides the OK -- Try Again and Expert buttons.]


To resolve this issue, do the following: 


1. Select the replacement option highlighted in both the warning messages. 
2. Click OK -- Try Again. 


17.4 The Health Check Option for CA is not Displayed in iManager


The Health Check - Follow CA’s Signing Algorithm check box is not displayed in iManager, NetIQ 
Certificate Server > Configure Certificate Authority > General tab. This might randomly occur on 
applying the January 2016 patch. 
[Figure: NetIQ iManager, NetIQ Certificate Server > Configure Certificate Authority > General tab, showing the Health Check - Follow CA's Signing Algorithm check box.]


To resolve this issue, do the following: 


1. Delete all the contents of the /var/opt/novell/tomcat6/work/Catalina/localhost/nps folder.

   Ensure that you delete the JSP files that are cached in the nps folder.

2. Restart Tomcat.

    /etc/init.d/novell-tomcat6 restart


The option will now be displayed in iManager. 


17.5 Deleting the Existing eDirectory Objects when Reinstalling the OES Server or Reconfiguring the eDirectory


When you reinstall an existing OES server with the same name or reconfigure eDirectory, the system 
might throw an error prompting to delete the existing eDirectory objects. 


Before clicking Retry, ensure that you delete the following objects using iManager. Otherwise, the OES reinstallation or eDirectory reconfiguration will not proceed.


The list of objects that must be deleted: 


• NCP Server Object
• HTTP Server Object
• SAS Objects
• SNMP Group Objects
• LDAP Server and Group objects
• Certificates (IP AG, SSL Certificate IP, DNS AG, and SSL Certificate DNS)


17.6 eDirectory User Password Screen Does Not Show Up During an Upgrade


When you upgrade an OES 2 server to OES 2015 SP1, the eDirectory pattern will not be selected as 
part of the product listing and the eDirectory user password screen will not show up. 


To resolve this issue, follow any of these methods:

1. Before starting an upgrade, ensure that the following packages are installed on the OES 2 server:
    • nici64
    • novell-dclient-32bit
    • novell-nmas-libspmclnt-32bit
    • novell-NDSbase-32bit
    • novell-edirectory-tsands-32bit

2. During an upgrade, in the Installation Settings Screen, search and select the packages listed above and then proceed with the upgrade.

3. If you are upgrading using AutoYaST, ensure that you add the packages listed above to the autoup.xml file. Add them to the <software> section and then proceed with the upgrade.

    <software>
      <packages config:type="list">
        <package>novell-NDSbase-32bit</package>
        <package>novell-edirectory-tsands-32bit</package>
        <package>novell-nmas-libspmclnt-32bit</package>
        <package>nici64</package>
        <package>novell-dclient-32bit</package>
      </packages>
    </software>


17.7 eDirectory Restart Results in an Error Message on a Non-DSfW Server

On a non-DSfW Server, if you restart eDirectory, the following error message is received: “Method load failed: libxadnds.so.2: cannot open shared object file: No such file or directory.” This is because 3 NMAS methods (IPCExternal, Kerberos, and Negotiate) fail to load on the server.


These NMAS methods that are specific to DSfW are part of the novell-xad-nmas-methods rpm and 
depend on the libraries from the novell-xad-framework rpm. Since the novell-xad-framework rpm is 
part of the DSfW pattern and is installed only on a DSfW server, you receive this error message on a 
non-DSfW server. 


If you receive this error message, you can ignore this message as these DSfW NMAS methods do 
not function in a non-DSfW server and do not impact any eDirectory functionality. 
17.8 Problem In Assigning IP Address For autoinst.xml-based Installations


When you use the autoinst.xml file for a new installation, you will not be able to set the IP address on the target server unless one of the following changes is made:

Before starting the installation, remove the <net-udev> tags along with their contents from the autoinst.xml file, and then use the modified file for the new installation.

OR

Before starting the installation, edit the autoinst.xml file and change the MAC address in the following tag, which is available under the <net-udev> tag: <value>enter mac address of the target server</value>


17.9 iManager not Configured or Installed Properly


If iManager is not configured properly or there has been an interruption during iManager installation, 
see Section 15.4, “Re-configuring iManager,” on page 233 to reconfigure iManager. 


17.10 eDirectory Restart Results in an Error Message on a Non-DSfW Server

On a non-DSfW Server, if you restart eDirectory, the following error message is received: “Method load failed: libxadnds.so.2: cannot open shared object file: No such file or directory.”

This is because three NMAS methods (IPCExternal, Kerberos, and Negotiate) fail to load on the server. These NMAS methods that are specific to DSfW are part of the novell-xad-nmas-methods rpm and depend on the libraries from the novell-xad-framework rpm. Since the novell-xad-framework rpm is part of the DSfW pattern and is installed only on a DSfW server, you receive this error message on a non-DSfW server.


If you receive this error message, you can ignore this message as these DSfW NMAS methods do 
not function in a non-DSfW server and do not impact any eDirectory functionality. 


17.11 The DEFAULT SLP Scope Gets Added to the slp.conf File During an Upgrade to OES 2015

When you upgrade an OES server that is configured as an SLP DA to OES 2015, the DEFAULT SLP scope gets added to the slp.conf file along with the SLP scope configured by you. This might result in adding extra load to the OES server.

To prevent the extra load, remove the term DEFAULT from the following line in the /etc/slp.conf file, and restart the OES server for the changes to take effect.


net.slp.useScopes = DEFAULT,<slp scope configured by you> 


NOTE: This issue is not applicable to OES servers that point to an SLP DA or whose SLP scope is 
DEFAULT. 


This issue will not be seen in upgrades from OES 2015 to future OES releases. 
17.12 The change_proxy_pwd.sh Script Fails to Synchronize Password

Whenever the common proxy user password is not synchronized across CASA, eDirectory and 
various other OES services, the change_proxy_pwd.sh script fails with the following error: NDS error 
failed authentication -669. 


To resolve: 
1 Take a note of the current proxy user name and password using the following commands: 


/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username 
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password 


2 Try logging in to NDS using the following command: ndslogin <proxy user name in dot format>. Example: ndslogin cn=OESCommonProxy_wgp-drs22.o=novell.


Successful login indicates that the common proxy credentials are in sync with eDirectory and 
CASA. If the login is unsuccessful, change the common proxy user password in eDirectory using 
iManager, then follow Step 1 and Step 3. 


3 To synchronize the passwords across CASA, eDirectory and various other OES services, export the proxy user password to the service specific environment variable, then run the service specific proxy credential script (<service_name>_update_proxy_cred.sh) that is available at /opt/novell/<service_name>/bin.

For example, to synchronize the password of the CIFS service with CASA and eDirectory:

    • Export the proxy user password to the CIFS environment variables using the export OES_CIFS_DATA="proxy user password retrieved in Step 1" command.

    • Run the CIFS proxy credentials update script using the /opt/novell/cifs/bin/cifs_update_proxy_cred.sh <specify proxy username retrieved in Step 1> command.


Repeat this step for each of the services installed on your OES server. 


17.13 OES Installation Fails Due to Encrypted OES Media URL in the autoinst.xml File


The autoinst.xml file generated on an OES server that is subscribed to the NCC channel will have 
the OES media URL in an encrypted form. An OES installation with that XML file will fail with the 
following error: “failed to add add-on product.” 


To resolve this issue, replace the OES media URL with the actual installation source path and retry 
the installation. 


<add_on_products config:type="list">
  <listentry>
    <media_url><![CDATA[https://866254f853cb4f668594269ececO5dd9:F62283a76d964e4b8c0cebd447fdd54a@nu.novell.com/repo/$RCE/OES11-SP2-Pool/sle-11-x86_64]]></media_url>
    <product>Open_Enterprise_Server</product>
    <product_dir></product_dir>
  </listentry>
</add_on_products>
17.14 Installing or Upgrading to OES 2015 SP1 using AutoYaST Creates the OES Repository Name Using Random Characters


Before you start the installation of OES 2015 SP1, ensure that you edit the autoinst.xml file and change the OES alias name to a meaningful one. Otherwise, the OES alias name is displayed as random characters.

<add_on_products config:type="list">
  <listentry>
    <media_url><![CDATA[http://192.168.1.1/install/OES2015/GMC/x86_64]]></media_url>
    <product>Open_Enterprise_Server</product>
    <product_dir>/</product_dir>
    <name>MyOES_name</name>
    <alias>MyOES_alias</alias>
  </listentry>
</add_on_products>


17.15 Verification of the Container Object Fails During the AD Domain Join Process


“Error: Verification of container object failed. Ensure that the AD Server is reachable.” 


If you encounter the above error during the AD domain join process, ensure that you have set the 
following: 


• AD server's reverse lookup entry (IPv4) in the DNS server before the domain join operation is performed.

• AD domain name to which the OES server will be joined to as part of the Domain Search in OES server network settings.
OES 2015 SP1 File and Data Locations


This section contains information about the general rules and conventions that Novell follows when 
determining where various data types and program components are stored on the Linux file system. 


Where possible, we have tried to ensure that Open Enterprise Server (OES) 2015 SP1 components 
follow Linux Standard Base (LSB) requirements regarding file location. Efforts to do this are detailed 
here. 


• Section A.1, “General Rules”
• Section A.2, “Exceptions”


A.1 General Rules


Where possible, product design has followed these rules:

• /opt/novell: Contains all static data in the following standard subdirectories.

    /opt/novell/bin             Executable files that are used by multiple products or are intended to be executed by an end user.
    /opt/novell/product/sbin    Executable files that are used only by a product and are not executed by an end user.
    /opt/novell/lib             Shared libraries that are used by multiple products and shared or static libraries that are part of an SDK.
    /opt/novell/include         Header files for SDKs, typically in a product subdirectory.
    /opt/novell/lib64           Contains 64-bit shared libraries.

• /etc/opt/novell: Generally contains host-specific configuration data.

  If a product has a single configuration file, it is named product or service.conf.

  If a product uses multiple configuration files, they are placed in a subdirectory named for the product or service.

• /etc/opt/novell/service_name: Contains various OES service configuration files.

• /var/opt/novell: Contains all variable data.

  Variable data (data that changes during normal run time operations) is stored in a product or service subdirectory.

• /var/opt/novell/log: Generally contains log files.

  If a product or service has a single log file, it is stored in a file with the product or service name.

  If a product or service has multiple log files, they are stored in a subdirectory named for the product or service.

• /var/log: Contains the log messages and the YaST logs.

• All files and directories that could not follow the above rules have the prefix novell- where possible.


A.2 Exceptions 


Some files must reside in nonstandard locations for their products to function correctly. Two examples 
are init scripts, which must be in /etc/init.d, and cron scripts, which must be in /etc/cron.d. 
When possible, these files have a novell- prefix. 


When standard conventions preclude the use of prefixes (such as PAM modules, which use suffixes 
instead of prefixes), the standard conventions are followed. 
AutoYaST XML Tags

This section describes the XML tags used in the autoinst.xml file, which is generated during the OES
clone process. For more information on the XML tags related to SLES, see SUSE Linux Enterprise
Server 11 SP4 AutoYaST
(https://www.suse.com/documentation/sles11/singlehtml/book_autoyast/book_autoyast.html).

NOTE: The descriptions of the tags provided here are for information only. Do not modify any of the
tags in a real-time environment other than the ones specified in Section 9.4, “Cloning an OES Server
Post OES Installation and Configuration.” All the passwords stored in the autoinst.xml file will be
in clear text.
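Because the NOTE above states that every password in autoinst.xml is stored in clear text, a cloned profile should be reviewed before it is copied anywhere. The following Python sketch is an added example, not part of the Novell guide: it lists the password tags that carry a value, flags the transport settings documented in this appendix that leave LDAP traffic unprotected, checks the file mode, and produces a redacted copy. The sample profile, its section nesting, the finding labels and the function names are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Register the AutoYaST namespaces so a redacted copy keeps its prefixes.
ET.register_namespace("", "http://www.suse.com/1.0/yast2ns")
ET.register_namespace("config", "http://www.suse.com/1.0/configns")

REDACTED = "REDACTED"
# yes/no tags from this appendix that control TLS on LDAP connections.
TRANSPORT_FLAGS = {"use_secure_port", "use_secure_port_config", "tls_for_simple_binds"}
# check_method values under which a session proceeds without a verified certificate.
WEAK_CHECK_METHODS = {"never", "allow"}

# Constructed sample; the nesting of service sections under <profile> is an assumption.
SAMPLE_PROFILE = """<?xml version="1.0"?>
<profile xmlns="http://www.suse.com/1.0/yast2ns"
         xmlns:config="http://www.suse.com/1.0/configns">
  <edirectory>
    <simple_password>no</simple_password>
    <tls_for_simple_binds>no</tls_for_simple_binds>
    <xad_admin_password>CONSTRUCTED-pw-1</xad_admin_password>
  </edirectory>
  <novell-cifs>
    <cifs_ldap_port config:type="integer">389</cifs_ldap_port>
    <use_secure_port>no</use_secure_port>
    <proxy_user_password>CONSTRUCTED-pw-2</proxy_user_password>
  </novell-cifs>
  <novell-dhcp>
    <check_method>never</check_method>
    <ldap_user_password></ldap_user_password>
  </novell-dhcp>
</profile>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix that ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def is_secret_tag(name):
    """Tags such as xad_admin_password hold a secret. simple_password is a
    yes/no switch for the NMAS login method, so it is excluded."""
    return name.endswith("_password") and name != "simple_password"


def walk(elem, path=""):
    """Yield (path, element) pairs in document order."""
    here = path + "/" + local_name(elem.tag)
    yield here, elem
    for child in elem:
        yield from walk(child, here)


def audit_profile(xml_text):
    """Return (finding, path) tuples for secrets and weak transport settings."""
    findings = []
    for path, elem in walk(ET.fromstring(xml_text)):
        name = local_name(elem.tag)
        value = (elem.text or "").strip()
        if is_secret_tag(name):
            if value and value != REDACTED:
                findings.append(("cleartext-secret", path))
        elif name in TRANSPORT_FLAGS and value.lower() == "no":
            findings.append(("insecure-ldap-transport", path))
        elif name == "check_method" and value.lower() in WEAK_CHECK_METHODS:
            findings.append(("weak-certificate-check", path))
    return findings


def redact_profile(xml_text):
    """Return (redacted_xml, count) with every non-empty secret replaced."""
    root = ET.fromstring(xml_text)
    replaced = 0
    for _, elem in walk(root):
        if is_secret_tag(local_name(elem.tag)) and (elem.text or "").strip():
            elem.text = REDACTED
            replaced += 1
    return ET.tostring(root, encoding="unicode"), replaced


def file_is_exposed(path):
    """True when group or other has any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    for kind, where in audit_profile(SAMPLE_PROFILE):
        print(f"{kind:26} {where}")
```

The redacted copy is suitable for attaching to a support case; the original still needs the real passwords, so keep it readable by root only and delete it when the clone is finished.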


• Section B.1, “edirectory”
• Section B.2, “imanager”
• Section B.3, “iprint”
• Section B.4, “ncpserver”
• Section B.5, “ncs”
• Section B.6, “netstorage”
• Section B.7, “novell-afp”
• Section B.8, “novell-cifs”
• Section B.9, “novell-dhcp”
• Section B.10, “novell-dns”
• Section B.11, “novell-ifolder3”
• Section B.12, “novell-lum”
• Section B.13, “novell-samba”
• Section B.14, “nss”
• Section B.15, “oes-ldap”
• Section B.16, “sms”
• Section B.17, “novell-nssad”


B.1 edirectory

Attribute Name Description

casa_store Always set this to 'yes' so that the proxy credentials are stored in CASA.

Example: <casa_store>yes</casa_store>

cert_mutual Set this to 'yes' when you want to implement the Certificate Mutual login method. It
implements the Simple Authentication and Security Layer (SASL) EXTERNAL mechanism, which uses SSL
certificates to provide client authentication to eDirectory through LDAP.

Example: <cert_mutual>no</cert_mutual>

challenge_response Set this to 'yes' when you want to enable the Challenge-Response login method.
It works with the Identity Manager password self-service process. This method allows either an
administrator or a user to define a password challenge question and a response, which are saved in
the password policy. Then, when users forget their passwords, they can reset their own passwords by
providing the correct response to the challenge question.

Example: <challenge_response>yes</challenge_response>

create_server_object Set this to 'yes' when you want to create a DNS server object.

Example: <create_server_object>yes</create_server_object>

dib_location Specify the path of the NDS database.

Example: <dib_location>/var/opt/novell/eDirectory/data/dib</dib_location>

digest_md5 Set this to 'yes' when you want to implement the Digest MD5 login method. It implements
the Simple Authentication and Security Layer (SASL) DIGEST-MD5 mechanism as a means of
authenticating the user to eDirectory through LDAP.

Example: <digest_md5>no</digest_md5>

domain_name Specify the DSfW DNS domain name. The value of this tag and the xad_domain_name tag
should be the same.

Example: <domain_name>acme.com</domain_name>

existing_dns_ip Specify the existing DNS server IP address.

Example: <existing_dns_ip>192.168.1.1</existing_dns_ip>

group_context Specify the DNS DHCP group object context.

Example: <group_context>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</group_context>

host_name Specify the host name of the current server where the installation is being done.

Example: <host_name>acme-208</host_name>

http_port Specify the HTTP port of the eDirectory server where the installation is being done.

Example: <http_port config:type="integer">8028</http_port>

https_port Specify the HTTPS port of the current eDirectory server.

Example: <https_port config:type="integer">8030</https_port>

install_secretstore Set to 'yes' when you want to install the secret store.

Example: <install_secretstore>yes</install_secretstore>


install_universalstore Set to 'yes' when you want to install the universal store.

Example: <install_universalstore>no</install_universalstore>

ldap_basedn Specify the DNS server's CN name. This is required only in case of a DSfW server.

Example: <ldap_basedn>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</ldap_basedn>

ldap_server Specify the IP address of the DNS LDAP server.

Example: <ldap_server>192.168.1.1</ldap_server>

locator_context Specify the DNS locator object context where the DNS servers or zones are present.

Example: <locator_context>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</locator_context>

migrate_option Always set this to 'no' as migration of an NKDC realm to a DSfW domain is
discontinued.

Example: <migrate_option>no</migrate_option>

nds Set this to 'yes' when you want to use the NDS login method that provides secure password
challenge-response user authentication to eDirectory.

Example: <nds>yes</nds>

ntp_server_list Specify the IP addresses of reliable NTP servers.

Example:

<ntp_server_list config:type="list">
  <listentry>192.168.1.5</listentry>
</ntp_server_list>

overwrite_cert_files Set this to 'yes' when you want eDirectory to automatically back up the
currently installed certificate and key files and replace them with files created by the eDirectory
Organizational CA (or Tree CA).

Example: <overwrite_cert_files>yes</overwrite_cert_files>

replica_server Specify the IP address of the master eDirectory server.

Example: <replica_server>192.168.1.5</replica_server>

runtime_admin Specify the common proxy user context of the DNS.

Example: <runtime_admin>cn=OESCommonProxy_host1,ou=OESSystemObjects,dc=acme,dc=com</runtime_admin>

runtime_admin_password Specify the common proxy DNS password.

Example: <runtime_admin_password>SAM23#$</runtime_admin_password>
sasl_gssapi Set this to 'yes' when you want to implement the SASL GSSAPI login method. It
implements the Generic Security Services Application Program Interface (GSSAPI) authentication using
the Simple Authentication and Security Layer (SASL) that enables users to authenticate to eDirectory
through LDAP using a Kerberos ticket.

Example: <sasl_gssapi>no</sasl_gssapi>

server_context Specify the eDirectory server context where the eDirectory server object needs to be
created.

Example: <server_context>ou=wdc,o=acme</server_context>

server_object Specify the eDirectory server object name that has the object name and context.

Example: <server_object>cn=DNS_edir-acme-208,ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</server_object>

simple_password Set this to 'yes' when you want to implement the Simple Password NMAS login method.
It provides password authentication to eDirectory. The Simple Password is a more flexible but less
secure alternative to the NDS password. Simple Passwords are stored in a secret store on the user
object.

Example: <simple_password>no</simple_password>

slp_backup Set this to 'yes' when you want the SLP server to periodically back up all registrations.
This works only when the server is configured as a DA (Directory Agent).

Example: <slp_backup>yes</slp_backup>

slp_backup_interval Specify the SLP backup time in seconds. The default is 900 seconds (15 minutes).
If the server is configured as a Directory Agent, this value will be used.

Example: <slp_backup_interval>900</slp_backup_interval>

slp_da Specify the list of IP addresses of the SLP Directory Agents.

Example:

<slp_da config:type="list">
  <listentry>198.162.1.1</listentry>
</slp_da>

slp_dasync Set this to 'yes' when you want to enable SLPD to sync service registration between SLP
DAs on startup. If the server is configured as a Directory Agent, this value will be used.

Example: <slp_dasync>no</slp_dasync>

slp_mode Specify the SLP mode: multicast, da, or da_server. By default, it is set to multicast.

Example: <slp_mode>da</slp_mode>


slp_scopes This is a comma-delimited list of strings indicating the only scopes a UA or SA is
allowed when making requests or registering, or the scopes a DA must support. The default value is
DEFAULT.

Example: <slp_scopes>DEFAULT</slp_scopes>

tls_for_simple_binds Set this to 'yes' when you require TLS for simple binds with passwords.

Example: <tls_for_simple_binds>yes</tls_for_simple_binds>

tree_type Specify the type of eDirectory tree: new or existing.

Example: <tree_type>new</tree_type>

use_secure_port Set this to 'yes' when you want the DNS to use the secure port for communication in
a DSfW environment.

Example: <use_secure_port>yes</use_secure_port>

xad_admin_password Specify the DSfW domain administrator password.

Example: <xad_admin_password>SAM23#$</xad_admin_password>

xad_config_dns Set this to 'yes' when you want to configure this domain controller also as a DNS
server.

Example: <xad_config_dns>yes</xad_config_dns>

xad_convert_existing_container Set this to 'yes' for name-mapped installations. In name-mapped
installations, the DSfW domain is mapped to an already existing eDirectory partition in the
eDirectory tree.

Example: <xad_convert_existing_container>no</xad_convert_existing_container>

xad_domain_name Specify the DSfW DNS domain name. The value of this tag and the domain_name tag
should be the same.

Example: <xad_domain_name>acme.com</xad_domain_name>

xad_domain_type Specify the DSfW domain type: forest, domain or controller.

• Forest: Use it for the first domain in the DSfW forest.

• Domain: Use it for the subsequent child domain(s) in the DSfW forest.

• Controller: Use it for subsequent domain controller(s) for any DSfW domain in the DSfW forest.

Example: <xad_domain_type>forest</xad_domain_type>

xad_existing_container Specify the eDirectory partition that the DSfW domain is being mapped to.
This is effective only when the xad_convert_existing_container tag is set to 'yes'.

Example: <xad_existing_container>ou=OESSystemObjects,o=acme</xad_existing_container>

xad_forest_root Specify the forest root domain name in the DSfW forest.

Example: <xad_forest_root>acme.com</xad_forest_root>
xad_ldap_admin_context Specify the eDirectory tree admin context.

In a name-mapped installation, for all the modes of DSfW installation, this tag will point to the
(existing) eDirectory tree's tree administrator. Example: cn=admin,ou=admins,o=acme.

<xad_ldap_admin_context>cn=admin,ou=admins,o=acme</xad_ldap_admin_context>

In a non-name-mapped installation, the forest root domain administrator is also the eDirectory tree
administrator. For all the modes of installation, this tag will point to the forest root domain
administrator. For example, for the forest root domain acme.com, the default forest domain
administrator will be

<xad_ldap_admin_context>cn=administrator,cn=users,dc=acme,dc=com</xad_ldap_admin_context>

For example, for the child domain sales.example.com, the default forest domain administrator will be

<xad_ldap_admin_context>cn=administrator,cn=users,dc=example,dc=com</xad_ldap_admin_context>

xad_ldap_admin_password Specify the eDirectory tree administrator password.

Example: <xad_ldap_admin_password>SAM23#$</xad_ldap_admin_password>

xad_netbios Specify the NetBIOS name of the DSfW domain.

Example: <xad_netbios>EXAMPLE</xad_netbios>

xad_parent_domain Specify the DSfW domain name of the immediate DSfW parent domain. For example, for
a domain sales.acme.com, the value will be

<xad_parent_domain>acme.com</xad_parent_domain>

xad_parent_domain_address Specify the IP address of any one of the parent DSfW domain controllers.
For example, for the domain sales.acme.com, specify the IP address of the DSfW DC hosting the domain
acme.com.

<xad_parent_domain_address>192.168.1.1</xad_parent_domain_address>

xad_parent_domain_admin_context Specify the immediate DSfW parent domain's administrator context.
For example, for the domain sales.acme.com,

<xad_parent_domain_admin_context>cn=administrator,cn=users,dc=acme,dc=com</xad_parent_domain_admin_context>

xad_parent_domain_admin_password Specify the immediate DSfW parent domain's administrator password.

Example: <xad_parent_domain_admin_password>SAM23#$</xad_parent_domain_admin_password>

xad_replicate_partitions Always set this to 'yes'. This indicates that the replicas of the
configuration and schema partitions will be added to the local domain controller.

Example: <xad_replicate_partitions>yes</xad_replicate_partitions>

xad_retain_policies Set this to 'yes' when you want to retain the existing NMAS universal password
policies.

Example: <xad_retain_policies>yes</xad_retain_policies>

NOTE: If set to 'no', the DSfW configuration will override the existing password policies, if any.


xad_service_configured Always set this value to 'yes' when you want to configure DSfW.

Example: <xad_service_configured>yes</xad_service_configured>

xad_site_name Specify the site name with which this domain controller should be associated.
Otherwise the default value should be 'Default-First-Site-Name'.

Example: <xad_site_name>Default-First-Site-Name</xad_site_name>

xad_wins_server Specify 'yes' when you want to configure the DSfW domain controller as a WINS
server.

Example: <xad_wins_server></xad_wins_server>

NOTE: Only one domain controller in a DSfW domain should be designated as WINS server.

B.2 imanager

Attribute Name Description

configure_now Set this to 'true' always in AutoYaST-based installations.

Example: <configure_now config:type="boolean">true</configure_now>

install_plugins Set to 'yes' to install all the iManager npms.

Example: <install_plugins>yes</install_plugins>

B.3 iprint

Attribute Name Description

ldap_server Specify the IP or DNS name of the LDAP server that is used for authentication by iPrint
during secure printing and management operations.

Example: <ldap_server>192.168.1.2</ldap_server>

top_context Specify the context (and its entire subtree) that is used to find the user during
authentication.

Example: <top_context>o=acme</top_context>

B.4 ncpserver

Attribute Name Description

configure_now Set this to 'true' always as NCP is a must for OES to work.

Example: <configure_now config:type="boolean">true</configure_now>
B.5 ncs


NOTE: Novell Cluster Services does not support using AutoYaST to configure cluster nodes for new
clusters or existing clusters. If you create an AutoYaST file from a cluster node, you must remove or
comment out the NCS section before you use it to build or rebuild a server. After the server is up and
running successfully, you can manually configure the node for clustering by using the OES Install and
Configuration option in YaST2.


Attribute Name Description 


cluster_dn Specify the Fully Distinguished Name (FDN) of the cluster in comma- 
delimited typeful format. Each of the intermediate containers must already 
exist. The cluster name must be unique in that path. 


Example: <cluster_dn>cn=clus134,ou=ncs,o=acme</cluster_dn> 


cluster_ip Specify the IP address (in IPv4 format) assigned to the cluster. This is the 
Master IP Address that provides a single point for cluster access, 
configuration, and management. The cluster IP address is bound to the master 
node and remains with the master node regardless of which server is the 
master. The cluster IP address is required to be on the same IP subnet as the 
nodes in the cluster. 


Example: <cluster_ip>192.168.1.1</cluster_ip> 


config_type Specify whether the node is being configured for a "New Cluster" or an 
"Existing Cluster". 


Example: <config_type>Existing Cluster</config_type> 


ldap_servers Specify the IP address (in IPv4 format, comma-delimited with no spaces)
of one or more LDAP servers in the tree that you want NCS on this server to
use for LDAP (eDirectory) communications. If you specify multiple LDAP
servers, the local LDAP server is recommended to be the first IP address in
the list. The LDAP servers must have a master replica or a Read/Write replica
of eDirectory.

Example: <ldap_servers>192.168.1.1,192.168.1.2</ldap_servers>


proxy_user Specify the NCS proxy user credentials--the username and password. The 
NCS proxy user is the user identity used by the NCS daemon to communicate 
with eDirectory (the LDAP server). In the proxy_user tag, specify the Fully 
Distinguished name of the NCS proxy user in comma-delimited typeful format. 
This might be one of the following users: 


• OES Common Proxy User: This requires that the OES Common Proxy
User is enabled in eDirectory for this server. This is the default choice.
The OES Common Proxy user for each server has a different identity in
eDirectory. If you specify the OES Common Proxy User, each node's
OES Common Proxy User is automatically added to the NCS
Management group for the cluster <clustername>_MGT_GRP in the
cluster container.

• LDAP Admin User: The LDAP Admin user that you used when you
configured NCS on this server. This is the secondary default choice.

• Another Admin User: An existing LUM-enabled administrator user that
you created to use as the NCS proxy user.

Example: <proxy_user>cn=OESCommonProxy_avalon,o=acme</proxy_user>
proxy_user_password Specify the password for the specified user. If you specify the OES Common
Proxy User, you should use the same password that you used in the eDirectory settings for this user.

Example: <proxy_user_password>SAM23#$</proxy_user_password>

sbd_dev If this is the first node in the cluster (that is, you specified a <config_type>New
Cluster</config_type>), you typically specify a device to use for the SBD (split-brain detector).
The device must already be initialized and marked as Shareable for clustering. Specify the leaf node
name of the device, such as sdc. If the <sbd_dev> tag is not used, the SBD is not created.

Example: <sbd_dev>sdc</sbd_dev>

sbd_dev2 If this is the first node in the cluster and you are creating an SBD, you can mirror the
SBD by specifying a second device to use for the mirror. The device must already be initialized and
marked as Shareable for clustering. Specify the leaf node name of the device, such as sdd.

Example: <sbd_dev2>sdd</sbd_dev2>

sbd_size Specify a size in MB to use for the SBD. A single size value applies to the SBD and its
mirror (if specified). The size must be at least 8 MB. A minimum size of 20 MB is recommended. To
use the maximum size (all free space on the device), specify a size of "-1". If you mirror the SBD,
the maximum size is limited to the lesser of the free space available on either device. Specify only
a value with no units.

Example:

• For Default size: <sbd_size>8</sbd_size>
• For 1024 MB (1 GB): <sbd_size>1024</sbd_size>
• For Maximum size: <sbd_size>-1</sbd_size>

server_name Specify the hostname of the server where you are configuring NCS.

Example: <server_name>avalon</server_name>

start Specify whether to start NCS automatically after the configuration completes by specifying a
start value of "Now". To start NCS manually, specify "Later".

Example: <start>Now</start>

B.6 netstorage

Attribute Name Description

xtier_proxy_context Specify the LDAP context for the xtier proxy user.

Example: <xtier_proxy_context>cn=OESCommonProxy_wdc34,o=acme</xtier_proxy_context>

xtier_proxy_password Specify the password for the xtier proxy user.

Example: <xtier_proxy_password>SAM23#$</xtier_proxy_password>

xtier_server Specify the IP address of the xtier server.

Example: <xtier_server>192.168.1.1</xtier_server>

xtier_users_context Specify the LDAP context for the xtier users.

Example: <xtier_users_context>o=acme</xtier_users_context>


B.7 novell-afp

Attribute Name Description

afp_ldap_server Specify the IP address of the eDirectory LDAP server that AFP connects to at
install time.

Example: <afp_ldap_server>192.168.1.2</afp_ldap_server>

afp_proxy_user Specify the AFP proxy user FQDN in LDAP format used for searching AFP users in
eDirectory at login time.

Example: <afp_proxy_user>cn=afpproxy,o=acme</afp_proxy_user>

If you are using common proxy for AFP, mention the user FQDN of the common proxy as shown below.

<afp_proxy_user>cn=OESCommonProxy_localhostname,o=acme</afp_proxy_user>

afp_proxy_user_password Specify the password for the AFP proxy user.

Example: <proxy_user_password>SAM23#$</proxy_user_password>

afp_edir_contexts Specify a list of AFP User contexts that are searched when the AFP user enters a
user name for authentication. The server searches through each context in the list until it finds
the user object.

Example:

<afp_edir_contexts config:type="list">
  <listentry>ou=wdc,o=acme</listentry>
  <listentry>ou=prv,o=acme</listentry>
</afp_edir_contexts>

subtree_search Set this value to 'yes' when you want to enable the subtree search feature.

Example: <subtree_search>no</subtree_search>

usercontext_rights Set this to 'yes' for AFP proxy user to grant search rights over user contexts.
This is required for subtree search feature.

Example: <usercontext_rights>yes</usercontext_rights>
B.8 novell-cifs

Attribute Name Description

ldap_server Specify the IP address of the eDirectory LDAP server that AFP connects to at install
time.

Example: <ldap_server>192.168.1.2</ldap_server>

cifs_ldap_port Specify the LDAP port of the server specified in the ldap_server tag.

Example: <cifs_ldap_port config:type="integer">636</cifs_ldap_port>

use_secure_port Set this to 'yes' if the LDAP port mentioned in the cifs_ldap_port tag is a secure
port; otherwise, set it to 'no'.

Example: <use_secure_port>yes</use_secure_port>

proxy_user Specify the CIFS proxy user FQDN in LDAP format used for searching CIFS users in
eDirectory at login time.

Example: <proxy_user>cn=cifsproxy,o=acme</proxy_user>

If you are using common proxy for AFP, mention the user FQDN of the common proxy as shown below.

<proxy_user>cn=OESCommonProxy_localhostname,o=acme</proxy_user>

create_new_user Set this value to 'yes' when you want to create a CIFS proxy user at install time.

Example: <create_new_user>no</create_new_user>

proxy_user_password Specify the password for the CIFS proxy user.

Example: <proxy_user_password>SAM23#$</proxy_user_password>

use_casa_for_credentials Set to 'yes' when you want to store the CIFS proxy user credentials in the
local CASA store. Setting it to 'no' will store the credentials in an encrypted file locally. It is
recommended to use CASA to store the CIFS Proxy user credentials.

Example: <use_casa_for_credentials>yes</use_casa_for_credentials>

server_context Specify the context of the local NCP server.

Example: <server_context>ou=wdc,o=acme</server_context>

cifs_edir_contexts Specify a list of CIFS User contexts that are searched when the CIFS user enters
a user name for authentication. The server searches through each context in the list until it finds
the user object.

Example:

<cifs_edir_contexts config:type="list">
  <listentry>ou=wdc,o=acme</listentry>
  <listentry>ou=prv,o=acme</listentry>
</cifs_edir_contexts>

subtree_search Set this value to 'yes' when you want to enable the subtree search feature.

Example: <subtree_search>no</subtree_search>

usercontext_rights Set this to 'yes' for CIFS proxy user to grant search rights over user contexts.
This is required for subtree search feature.

Example: <usercontext_rights>yes</usercontext_rights>


B.9 novell-dhcp

Attribute Name Description

certificate_authority Specify the path of the LDAP CA file that contains the CA certificate.

Example: <certificate_authority>/etc/opt/novell/certs/ca.pem</certificate_authority>

check_method Specify what checks to perform on the server certificate in an SSL/TLS session. Specify
any one of the following options:

• Never: The server does not ask the client for a certificate.

• Allow: The server requests a client certificate, but if a certificate is not provided or a wrong
  certificate is provided, the session still proceeds normally.

• Try: The server requests the certificate; if none is provided, the session proceeds normally. If
  a certificate is provided and it cannot be verified, the session is immediately terminated.

• Hard: The server requests a certificate and a valid certificate must be provided, otherwise the
  session is immediately terminated.

Example: <check_method>never</check_method>

client_certificate Specify the path of the LDAP CA file that contains the client certificate.

Example: <client_certificate>/etc/opt/novell/certs/client.pem</client_certificate>

client_key Specify the path of the LDAP client key file that contains the key file for the client
certificate.

Example: <client_key>/etc/opt/novell/certs/cli_key_cert.pem</client_key>

dhcp_ldap_port Specify the LDAP port of the server specified in the ldap_server tag.

Example: <dhcp_ldap_port config:type="integer">636</dhcp_ldap_port>

group_context Specify the DNS DHCP group object context.

Example: <group_context>ou=OESSystemObjects,dc=sales,dc=wdc,dc=acme,dc=com</group_context>

interfaces Specify the network interface name.

Example: <interfaces>eth0</interfaces>

ldap_debug_file Specify the path of the DHCP configuration log file.

Example: <ldap_debug_file>/var/log/dhcp-ldap-startup.log</ldap_debug_file>

ldap_method Specify static or dynamic.

• Static, when you do not want the DHCP server to query the LDAP server for host details.

• Dynamic, when you want the DHCP server to query for host details from the LDAP server for every
  request.

Example: <ldap_method>static</ldap_method>

ldap_referrals Set this to 'yes' when you want to enable LDAP referral.

Example: <ldap_referrals>yes</ldap_referrals>

ldap_server Specify the IP address of the LDAP server.

Example: <ldap_server>192.168.1.2</ldap_server>

ldap_user Specify the DHCP common proxy user context.

Example: <ldap_user>cn=OESCommonProxy_host1,ou=OESSystemObjects,dc=sales,dc=wdc,dc=acme,dc=com</ldap_user>

ldap_user_password Specify the common proxy DHCP password.

Example: <ldap_user_password>SAM23#$</ldap_user_password>

locator_context Specify the DHCP locator context.

Example: <locator_context>ou=OESSystemObjects.dc=sales.dc=wdc.dc=acme.dc=com</locator_context>

server_context Specify the DHCP server context.

Example: <server_context>ou=OESSystemObjects.dc=sales.dc=wdc.dc=acme.dc=com</server_context>

server_object_name Specify the DHCP server object name.

Example: <server_object_name>DHCP_acme-208</server_object_name>

use_secure_port Set it to 'yes' when you want to use a secure port for communicating with the LDAP
server.

Example: <use_secure_port>yes</use_secure_port>

use_secure_port_config Set this to 'yes' when you want to use a secure port for DHCP configuration.

Example: <use_secure_port_config>yes</use_secure_port_config>

B.10 novell-dns

Attribute Name Description

casa_store Set this to 'yes' when you want to store the DNS proxy credentials in CASA.

Example: <casa_store>yes</casa_store>
create_server_object Set this to 'yes' when you want to create a DNS server object.

Example: <create_server_object>no</create_server_object>

domain_name Specify the DNS domain name.

Example: <domain_name>sales.acme.com</domain_name>

group_context Specify the DNS DHCP group object context.

Example: <group_context>ou=OESSystemObjects,dc=sales,dc=wdc,dc=acme,dc=com</group_context>

host_name Specify the host name of the current server where the installation is being done.

Example: <host_name>acme-208</host_name>

ldap_basedn Specify the LDAP base DN context.

Example: <ldap_basedn>o=acme</ldap_basedn>

ldap_server Specify the IP address of the LDAP server.

Example: <ldap_server>192.168.1.2</ldap_server>

locator_context Specify the DNS locator context.

Example: <locator_context>ou=OESSystemObjects.dc=acme.dc=wdc.dc=acme.dc=com</locator_context>

runtime_admin Specify the common proxy user context of the DNS.

Example: <runtime_admin>cn=OESCommonProxy_host1,ou=OESSystemObjects,dc=acme,dc=com</runtime_admin>

runtime_admin_password Specify the common proxy DNS password.

Example: <runtime_admin_password>SAM23#$</runtime_admin_password>

server_context Specify the DNS server context.

Example: <server_context>ou=sales,o=acme</server_context>

use_secure_port Set this to 'yes' when you want to use a secure port for communicating with the LDAP
server.

Example: <use_secure_port>yes</use_secure_port>

B.11 novell-ifolder3

Attribute Name Description

admin_alias Specify the iFolder administrator name.

Example: <admin_alias>/admin</admin_alias>

alternate_ldap_admin Specify the admin user for the alternate LDAP source.

Example: <alternate_ldap_admin>cn=admin,o=acme</alternate_ldap_admin>

alternate_ldap_admin_password Specify the admin password for the alternate LDAP source.

Example: <alternate_ldap_admin_password>SAM23#$</alternate_ldap_admin_password>

alternate_ldap_port Specify the LDAP port for the alternate LDAP source.

Example: <alternate_ldap_port>389</alternate_ldap_port>

alternate_secure_ldap_port Specify the LDAP secure port for the alternate LDAP source.

Example: <alternate_secure_ldap_port>636</alternate_secure_ldap_port>

data_path Specify the iFolder data store path where all the iFolder-related data is stored, such as
the database, managed iFolder data and unmanaged iFolder data.

Example: <data_path>/var/simias/data</data_path>

do_server_config Set it to 'yes' when you want to perform server configuration.

Example: <do_server_config>yes</do_server_config>

do_webacc_config Set it to 'yes' when you want to perform web access configuration.

Example: <do_webacc_config>yes</do_webacc_config>

do_webadmin_config Set it to 'yes' when you want to perform web administration configuration.

Example: <do_webadmin_config>yes</do_webadmin_config>

groups_plugin Set it to 'yes' when you want to enable the LDAP groups plugin.

Example: <groups_plugin>no</groups_plugin>

ifolder_admin_context Specify the LDAP context where the iFolder administrator context is present.

Example: <ifolder_admin_context>cn=admin,o=acme</ifolder_admin_context>

ifolder_admin_password Specify the LDAP password for the admin context used in the
<ifolder_admin_context> tag.

Example: <ifolder_admin_password>SAM23#$</ifolder_admin_password>

ifolder_port Specify the HTTP port on which the iFolder service has to listen.

Example: <ifolder_port config:type="integer">443</ifolder_port>

ldap_proxy_user Specify the LDAP proxy user DN used by iFolder for administrator-related operations.
It can be the OES common proxy as well.

Example: <ldap_proxy_user>cn=OESCommonProxy_wdcwgpcminstall34,o=acme</ldap_proxy_user>
Attribute Name Description

ldap_search_context Specify a list of LDAP context that is used for the iFolder user authentication.

Example:

<ldap_search_context config:type="list">
  <listentry>ou=wdc,o=acme</listentry>
</ldap_search_context>

ldap_server Specify the LDAP server IP address or DNS name used by the iFolder
server.

Example: <ldap_server>192.168.1.1</ldap_server>

master_address Specify the iFolder Master server IP address or DNS name.

Example: <master_address>192.168.1.1</master_address>

naming_attribute Specify the LDAP attribute used as the unique identifier for login.

Example: <naming_attribute>cn</naming_attribute>

private_url Specify the URL or IP address used by the iFolder server or multi-server
configuration. This is also used for Web Access/Admin to communicate.

Example: <private_url>164.99.100.34</private_url>

proxy_password Specify the LDAP proxy password. If OES common proxy is used, then
specify the password of the common proxy.

Example: <proxy_password>SAM23#$</proxy_password>

public_url Specify the URL or IP address used by the iFolder clients to communicate
with the iFolder server.

Example: <public_url>164.99.100.34</public_url>

recovery_path Specify the path in the server where the Encryption key recovery file is
stored.

Example: <recovery_path>/var/simias/data/simias</recovery_path>

server_name Specify the name of the iFolder server. This can be the DNS name of the IP
used or the local server name.

Example: <server_name>acme-208</server_name>

slave_server Set it to 'yes' when the configuration is for a slave server.

Example: <slave_server>no</slave_server>

system_description Specify a description that explains the current server's role.

Example: <system_description>iFolder Enterprise System Sales Team</system_description>

system_name Specify the name given to the iFolder System Domain.

Example: <system_name>AcmeiFolder</system_name>

use_alternate_ldap_server Set it to 'yes' if an alternate LDAP server is present.

Example: <use_alternate_ldap_server>no</use_alternate_ldap_server>


Attribute Name Description

use_ldap_ssl Set it to 'yes' if LDAP communication is via SSL-enabled protocol.

Example: <use_ldap_ssl>yes</use_ldap_ssl>

use_ssl Specifies whether the iFolder communication is via SSL, non-SSL, or both.

Example:

+ To use SSL: <use_ssl>SSL</use_ssl>

+ To use non SSL: <use_ssl>NONSSL</use_ssl>

+ To use both: <use_ssl>BOTH</use_ssl>

web_acc_connect_port Specify the port for Web Access.

Example: <web_acc_connect_port config:type="integer">443</web_acc_connect_port>

web_acc_logout_url Specify the URL to redirect to when a Web Access log out occurs, so that the
session used by Access Manager enabled products can be safely terminated.

Example: <web_acc_logout_url></web_acc_logout_url>

web_acc_server_ip Specify the IP or DNS used by the Web Access server.

Example: <web_acc_server_ip>192.168.1.1</web_acc_server_ip>

web_acc_use_ssl Set it to 'yes' if Web Access should use SSL for communication with the
iFolder server.

Example: <web_acc_use_ssl>yes</web_acc_use_ssl>

web_acc_use_ssl_browser Set it to 'yes' if the browser should use SSL for communication with
Web Access.

Example: <web_acc_use_ssl_browser>yes</web_acc_use_ssl_browser>

web_admin_connect_port Specify the port used by the Web Administration server.

Example: <web_admin_connect_port config:type="integer">443</web_admin_connect_port>

web_admin_logout_url Specify the URL to redirect to when a Web Administration log out occurs, so
that the session used by Access Manager enabled products can be safely terminated.

Example: <web_admin_logout_url></web_admin_logout_url>

web_admin_server_ip Specify the IP or DNS used by the Web Admin server.

Example: <web_admin_server_ip>164.99.100.34</web_admin_server_ip>

web_admin_use_ssl Set it to 'yes' if Web Administration should use SSL for communication with
the iFolder server.

Example: <web_admin_use_ssl>yes</web_admin_use_ssl>

web_admin_use_ssl_browser Set it to 'yes' if the browser should use SSL for communication with
Web Administration.

Example: <web_admin_use_ssl_browser>yes</web_admin_use_ssl_browser>
Attribute Name Description

web_alias Specify the Apache alias used by the Web Access or Web Administration.

Example: <web_alias>/ifolder</web_alias>
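The following Python check is an added example, not code from the OES documentation. It reads an AutoYaST fragment and reports the SSL-related switches from the attribute tables above that are not set for encrypted transport, plus any password element that carries a cleartext value. The <oes_fragment> wrapper element, the function name and the sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from tags documented in this appendix.
# The <oes_fragment> wrapper element is hypothetical (assumption).
SAMPLE = """<oes_fragment xmlns:config="http://www.suse.com/1.0/configns">
  <use_secure_port>no</use_secure_port>
  <use_ldap_ssl>yes</use_ldap_ssl>
  <use_ssl>BOTH</use_ssl>
  <ifolder_port config:type="integer">443</ifolder_port>
  <web_acc_use_ssl>yes</web_acc_use_ssl>
  <web_admin_use_ssl_browser>no</web_admin_use_ssl_browser>
  <web_acc_logout_url></web_acc_logout_url>
  <proxy_password>SAM23#$</proxy_password>
</oes_fragment>"""

# yes/no switches from the attribute tables that select encrypted transport.
SSL_SWITCHES = {
    "use_secure_port", "use_ldap_ssl",
    "web_acc_use_ssl", "web_acc_use_ssl_browser",
    "web_admin_use_ssl", "web_admin_use_ssl_browser",
}


def review_profile(xml_text):
    """Return a sorted list of (tag, issue) findings for the fragment."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.split("}")[-1]          # drop a namespace prefix if present
        value = (elem.text or "").strip()
        if tag in SSL_SWITCHES and value.lower() != "yes":
            findings.append((tag, "transport not encrypted"))
        elif tag == "use_ssl" and value.upper() != "SSL":
            findings.append((tag, f"{value} still allows non-SSL access"))
        elif tag.endswith("password") and value:
            findings.append((tag, "cleartext password stored in profile"))
    return sorted(findings)


if __name__ == "__main__":
    for tag, issue in review_profile(SAMPLE):
        print(f"{tag}: {issue}")
```

Because the documented password attributes hold the value itself, a profile that triggers the last finding should be stored and transferred with the same care as the credentials it contains.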


Attribute Name Description

admin_group Specify the admin group name. The admin group will be created if it does not
exist and will be LUM-enabled. The admin user that is used to configure the
LUM service will be added to this admin group and this group will be
associated with the workstation object.

Example: <admin_group>cn=admingroup,o=acme</admin_group>

alternate_ldap_servers_list1 Specify a list of the IP addresses of the local eDirectory servers
that you are connecting to.

Example:

<alternate_ldap_servers_list1 config:type="list">
  <listentry>192.168.1.1</listentry>
  <listentry>192.168.1.2</listentry>
</alternate_ldap_servers_list1>

alternate_ldap_servers_list2 Specify one or more external LDAP servers. Ensure to specify the IP
address of a valid LDAP server that is up and running.

Example:

<alternate_ldap_servers_list2 config:type="list">
  <listentry>192.168.1.3</listentry>
  <listentry>192.168.1.4</listentry>
</alternate_ldap_servers_list2>

ldap_server Specify the IP address of the LDAP server.

Example: <ldap_server>164.99.100.38</ldap_server>
Attribute Name Description

lum_enabled_services If you want the LUM-enabled users to access the following services, set the
value of those tags to 'yes': FTP, GDM, Gnome Screensaver, Gnomesu
pam, Login, SFCB, SSHD and SU.

Example:

<lum_enabled_services>
  <ftp>no</ftp>
  <gdm>no</gdm>
  <gnome-screensaver>no</gnome-screensaver>
  <gnomesu-pam>no</gnomesu-pam>
  <login>no</login>
  <sfcb>yes</sfcb>
  <sshd>no</sshd>
  <su>no</su>
</lum_enabled_services>

partition_root Specify the context where UNIX Config Object will be created.

Example: <partition_root>o=acme</partition_root>

proxy_user Specify the LUM proxy user FQDN, in LDAP format, used for searching LUM
users in eDirectory at login time.

Example: <proxy_user>cn=ldapsproxy,o=acme</proxy_user>

If you are using common proxy for LUM, mention the user FQDN of the
common proxy as shown below.

<proxy_user>cn=OESCommonProxy_localhostname,o=acme</proxy_user>

proxy_user_password Specify the password for the LUM proxy user.

Example: <proxy_user_password>SAM23#$</proxy_user_password>

restrict_access Set it to 'yes' if you want to restrict read and write access for users other than
the owners of the home directories.

Example: <restrict_access>yes</restrict_access>

ws_context Specify the workstation context. Computers running Linux User
Management (LUM) are represented by Unix Workstation objects in
eDirectory. The object holds the set of properties and information associated
with the target computer, such as the target workstation name or a list of
eDirectory groups that have access to the target workstation.

Example: <ws_context>o=novell</ws_context>


B.13 novell-samba 


NOTE: Novell Samba must not be installed on the same server as Novell CIFS. 
Attribute Name Description

ldap_server Specify the IP address (in IPv4 format) of the LDAP server in the tree that
you want Novell Samba to use for LDAP (eDirectory) communications.

Example: <ldap_server>192.168.1.1</ldap_server>

netbios_name Specify the NetBIOS name to use for the virtual Samba server. Use the
hostname and append "-W" to it. The total length of the NetBIOS name can
be up to 15 characters (this is a NetBIOS restriction). This means the
hostname of the server should be limited to 13 characters. If you specify a
longer hostname, it is truncated from the left to create the NetBIOS name.
As a result, iManager won't be able to find the associated server and group
objects.

Example: <netbios_name>avalon-W</netbios_name>

proxy_user_context
proxy_user_is_new
proxy_user_password Specify the credentials of an eDirectory user that has rights to search the
tree for Samba users. Specify the Fully Distinguished name of the Samba
Proxy User in comma-delimited typeful format. (Typeful format means that
the FDN uses the abbreviations of the LDAP object types (Such as cn=,
ou=, o=, dc= and so on).) Each of the intermediate containers must already
exist. The proxy user name must be unique in that path. If the user identity
does not yet exist, specify that it is new by specifying "Yes" as the value
for the <proxy_user_is_new> tag.

+ If you specify a new user that does not already exist in eDirectory, the
user is created, LUM-enabled, and assigned the necessary rights and
the password you specify here.

+ If you specify an existing eDirectory user, it is assumed that you have
already LUM-enabled the user and assigned the user the necessary
rights, and no modification is made to the user. Specify the user's
password.

Example (new user):

+ <proxy_user_context>cn=acme-208-sambaProxy,cn=Users,dc=labs,dc=wdc,dc=acme,dc=com</proxy_user_context>

+ <proxy_user_is_new>yes</proxy_user_is_new>

+ <proxy_user_password>SAM23#$</proxy_user_password>

user_context Specify the Base Context of the Samba users who are accessing data on
this server via Samba/CIFS. Specify the context in dot-delimited typeful
format. This Base Context is usually set to the eDirectory container where
the tree admin user is created. Typically, this is the Organization (O)
container, and users are created in Organizational Unit (OU) containers
beneath the O container. If your Samba users are (or will be) located in the
same container as admin or in a subcontainer of that container, you should
specify the o= container. Otherwise, specify a container in your tree that is
at the same level or above the container where the Samba users will be
created.

Example: <user_context>cn=Users.dc=labs.dc=wdc.dc=acme.dc=com</user_context>


B.14 nss

Attribute Name Description

ldap_server Specify the IP address of the LDAP server.

Example: <ldap_server>192.168.1.34</ldap_server>

nit_end_range Specify the UID end range. This value has to be an integer always.

Example: <nit_end_range config:type="integer">200000</nit_end_range>

nit_start_range Specify the UID start range. This value has to be an integer always.

Example: <nit_start_range config:type="integer">100000</nit_start_range>

nss_edir_context Specify the NSS eDirectory context.

Example: <nss_edir_context>ou=wdc,o=acme</nss_edir_context>

nssadmin_dn Specify the NSS admin domain context.

Example: <nssadmin_dn>cn=wdcsalesinstall34admin.ou=wdc.o=acme</nssadmin_dn>

B.15 oes-ldap

Attribute Name Description

admin_context Specify the LDAP Server Administrator context.

Example: <admin_context>cn=admin,o=acme</admin_context>

admin_password Specify the LDAP Server Administrator password.

Example: <admin_password>SAM23#$</admin_password>

ldap_servers Specify the details of the list of LDAP servers in a particular tree.

+ ip_address: Specify the IP address of the LDAP server.

+ ldap_port: Specify the LDAP non-secure port number.

+ ldaps_port: Specify the LDAP secure port number.

Example:

<ldap_servers config:type="list">
  <listentry>
    <ip_address>164.99.100.38</ip_address>
    <ldap_port config:type="integer">389</ldap_port>
    <ldaps_port config:type="integer">636</ldaps_port>
  </listentry>
</ldap_servers>
Attribute Name Description

proxy_context Specify the FQDN of the default common proxy user.

Example: <proxy_context>cn=OESCommonProxy_wdcsales34,o=acme</proxy_context>

proxy_password Specify the common proxy user password.

Example: <proxy_password>SAM23#$</proxy_password>

tree_name Specify the eDirectory tree name.

Example: <tree_name>sales_wdc_acme</tree_name>

use_common_proxy Set it to 'yes' when you want to use the default common proxy.

Example: <use_common_proxy>yes</use_common_proxy>

xad_tree_admin_context Specify domain tree admin FQDN context.

Example: <xad_tree_admin_context></xad_tree_admin_context>

xad_tree_admin_password Specify domain tree admin password.

Example: <xad_tree_admin_password>SAM23#$</xad_tree_admin_password>

B.16 sms

Attribute Name Description

ldap_server Specify the IP address of the eDirectory LDAP server
that SMS connects to at install time.

Example: <ldap_server>192.168.1.2</ldap_server>

B.17 novell-nssad

Attribute Name Description

ad_context Specify Active Directory Context.

Example: <ad_context>CN=Computers</ad_context>

ad_uid_generate_mode If you want NIT to generate UIDs, set this to 'yes'.

Example: <ad_uid_generate_mode>no</ad_uid_generate_mode>

admin_name Specify the Active Directory administrator user name
or an equivalent user that can be used for the AD
domain join operation.

Example: <admin_name>Administrator</admin_name>

admin_password Specify the administrator password.

Example: <admin_password>pa55word</admin_password>

domain_admin_group Specify the Active Directory domain admin group
name.

Example: <domain_admin_group>Domain Admins</domain_admin_group>

domain_name Specify the Active Directory domain name.

Example: <domain_name>ACME.COM</domain_name>

nit_end_range Specify the UID end range. This value has to be an
integer always.

Example: <nit_end_range config:type="integer">200000</nit_end_range>

nit_start_range Specify the UID start range. This value has to be an
integer always.

Example: <nit_start_range config:type="integer">100000</nit_start_range>

pre_created_object If you want to use any pre-created objects, set this to
'yes'.

Example: <pre_created_object>no</pre_created_object>
Importing New Build Keys to the Keyring


Beginning with January 2019, the OES update repository and OES packages are signed with a 4096-bit
key. The oes-build-key patch adds the 4096-bit key to the rpm keyring of the OES server. When this
patch is applied, it displays a message to import the new keys to the keyring in the following
scenarios:


New Installation of OES 2015 SP1 


Post January 2019, if a new OES 2015 SP1 server is installed, the message to import the keys is 
displayed during the registration of the server to the customer center or to the patch update server. 


Upgrading to OES 2015 SP1 


Post January 2019, if an earlier version of OES is upgraded to the OES 2015 SP1 server, the 
message to import the keys is displayed during the registration of the server to the customer center or 
to the patch update server. 


Updating the OES 2015 SP1 server 

On patching the OES 2015 SP1 server post January 2019, the message to import the keys is 
displayed. 

NOTE: If a message to import the keys with the following details is displayed in any other scenario,
you can go ahead and accept it to continue with the process:

Key ID: 044ADAEE04881839
Key Fingerprint: F5E39B083E1A8D7CEFF584C4044ADAEE04881839


To import the new keys to the keyring and continue with the process: 


+ In zypper method: When New repository or package signing key received: is 
displayed, choose the option trust always by entering "a" in the command line. 


Figure C-1 Sample prompt in zypper 


+ In YaST method: Click Import. 
Figure C-2 Sample prompt in YaST

[Figure: YaST2 "Import Untrusted GnuPG Key" dialog for repository OES2015-SP1-Updates. It shows
the key ID 044ADAEE04881839, the fingerprint F5E3 9B08 3E1A 8D7C EFF5 84C4 044A DAEE 0488 1839,
the name Micro Focus Build Service, the creation date 01/04/2019 and the expiry date 01/03/2024,
and advises importing the key only if you trust its owner. The buttons are Do Not Import and
Import.]

+ If SUSE Manager is used for managing OES patches, to avoid errors while mirroring, you must
perform the following:

1. Run the command spacewalk-repo-sync -c <any-OES-channels>.
For example, spacewalk-repo-sync -c oes2015-sp1-pool-x86_64.

2. When prompted to import the keys, import the keys and continue.


See also, TID 7023680 (https://support.microfocus.com/kb/doc.php?id=7023680)
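
Before entering "a" in zypper or clicking Import in YaST, the key shown in the prompt can be compared with the Key ID and Key Fingerprint printed in this appendix. The Python below is an added example, not part of the OES documentation; the prompt text is constructed from the field labels in Figure C-2, and the function names are illustrative.

```python
import re

# Values this appendix prints for the 4096-bit OES build key.
EXPECTED_KEY_ID = "044ADAEE04881839"
EXPECTED_FPR = "F5E39B083E1A8D7CEFF584C4044ADAEE04881839"

# Constructed prompt text using the field labels visible in Figure C-2.
SAMPLE_PROMPT = """\
ID: 044ADAEE04881839
Fingerprint: F5E3 9B08 3E1A 8D7C EFF5 84C4 044A DAEE 0488 1839
Created: 01/04/2019
Expires: 01/03/2024
"""


def _field(prompt, label):
    """Return a field's value with whitespace removed and upper-cased, or None."""
    match = re.search(rf"^\s*(?:Key\s+)?{label}:\s*(\S.*)$", prompt, re.MULTILINE)
    return re.sub(r"\s+", "", match.group(1)).upper() if match else None


def check_key_prompt(prompt):
    """Return a list of problems; an empty list means the prompt shows the documented key."""
    problems = []
    key_id, fpr = _field(prompt, "ID"), _field(prompt, "Fingerprint")
    # Compare the full 40-digit fingerprint, not only the shorter key ID.
    if fpr is None or not re.fullmatch(r"[0-9A-F]{40}", fpr):
        problems.append("fingerprint missing or not 40 hex digits")
    elif fpr != EXPECTED_FPR:
        problems.append("fingerprint differs from the documented value")
    if key_id is None or not re.fullmatch(r"[0-9A-F]{16}", key_id):
        problems.append("key ID missing or not 16 hex digits")
    elif key_id != EXPECTED_KEY_ID:
        problems.append("key ID differs from the documented value")
    return problems


def rpm_key_package(fingerprint=EXPECTED_FPR):
    """Name prefix rpm gives an imported key: gpg-pubkey-<last 8 hex digits, lower case>."""
    return "gpg-pubkey-" + fingerprint[-8:].lower()


if __name__ == "__main__":
    print(check_key_prompt(SAMPLE_PROMPT) or "prompt matches the documented key")
    print("after import, query: rpm -q", rpm_key_package())
```

rpm stores an imported public key as a gpg-pubkey package whose version is the last eight hex digits of the key ID, so querying rpm -q gpg-pubkey-04881839 confirms the import afterwards.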
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